@toon-protocol/client 0.13.0 → 0.14.1

package/dist/index.d.ts

@@ -1,7 +1,9 @@
 import * as _toon_protocol_core from '@toon-protocol/core';
 import { IlpPeerInfo, IlpClient, IlpSendResult, NetworkFamilyStatus, ConnectorAdminClient, ConnectorChannelClient, OpenChannelParams, OpenChannelResult, ChannelState } from '@toon-protocol/core';
+export { UI_RENDERER_KIND, UI_TAG, UiCoordinate, buildUiCoordinate, getUiCoordinate, parseUiCoordinate, selectLatestAddressable } from '@toon-protocol/core';
 import { NostrEvent, EventTemplate } from 'nostr-tools/pure';
 import { PrivateKeyAccount } from 'viem/accounts';
+export { A2uiDecision, ConsentDecision, ConsentRequest, DispatchGuardInfo, DispatchInput, GenerateContext, GeneratedRenderer, GenerativeDecision, GenerativeFallbackOptions, GenerativeFallbackRenderer, GenerativeFallbackResult, GuardedDispatchInput, IntentClassification, KindRegistry, MIME_A2UI, MIME_MCP_APP, McpUiDecision, NativeDecision, PublishBackOptions, RenderBranch, RenderDecision, RenderTrust, RendererGenerator, RendererPin, RendererPinStore, RendererPublisher, RendererSigner, ResolvedCoordinate, SwapApproval, SwapDecision, SwapRejection, SwapRejectionReason, UiResource, VerifyRendererInput, WidgetIntent, buildConsentRequest, buildRendererEventTemplate, classifyIntent, deterministicGenerator, extractUiResource, guardedRenderDispatch, isTrustDowngrade, publishBackCoordinate, renderDeterministicHtml, renderDispatch, resolveRendererMime, resolveUiCoordinate, resolveUiRenderer, verifyRendererTrust } from './render/index.js';
 
 /**
  * Solana payment-channel parameters supplied via `ToonClientConfig.solanaChannel`.
@@ -402,13 +404,21 @@ interface SignedBalanceProof extends BalanceProofParams {
  *
  * ## FULFILL data contract
  *
- * For a successful single-packet (non-chunked) blob upload, the DVM provider
- * returns the Arweave transaction ID as a **UTF-8 string, base64-encoded** in
- * the ILP FULFILL `data` field (the connector validates that FULFILL data is
- * base64). An Arweave tx ID is a 43-character base64url string (32 raw bytes).
+ * The deployed connector is a payment-proxy (HTTP-in-ILP): a successful blob
+ * upload returns the DVM's verbatim **HTTP/1.1 response message** in the ILP
+ * FULFILL `data` field. For a single-packet (non-chunked) upload the body is a
+ * JSON object:
  *
- * So the decode is:
- *   `txId = utf8(base64decode(result.data))`
+ *   HTTP/1.1 200 OK\r\n
+ *   content-length: 189\r\n
+ *   \r\n
+ *   {"accept":true,"txId":"<43-char base64url>","data":"<base64 of txId>",...}
+ *
+ * We parse the HTTP envelope, fail on a non-2xx status (or `accept:false`), and
+ * read the Arweave tx ID from `txId` (falling back to base64-decoding `data`).
+ * An Arweave tx ID is a 43-character base64url string (32 raw bytes). A legacy
+ * fallback still accepts a bare `base64(utf8(txId))` FULFILL (no HTTP envelope)
+ * so non-proxy providers do not regress. See {@link extractArweaveTxId}.
  *
  * See `packages/sdk/src/arweave/arweave-dvm-handler.ts` for the server side and
  * `packages/client/tests/e2e/docker-arweave-dvm-e2e.test.ts` for the reference
@@ -2366,6 +2376,64 @@ declare function withRetry<T>(operation: () => Promise<T>, options: RetryOptions
  */
 declare function buildStoreWriteEnvelope(event: NostrEvent): Uint8Array;
 
+/**
+ * Shared parser for the HTTP-over-ILP response carried in an ILP **FULFILL**
+ * packet's `data` field.
+ *
+ * The deployed connector is a payment-proxy (HTTP-in-ILP): a paid write/upload
+ * is reverse-proxied to the relay/DVM origin and the origin's reply is returned
+ * **verbatim as a full HTTP/1.1 response message** inside the FULFILL `data`:
+ *
+ *   HTTP/1.1 200 OK\r\n
+ *   content-length: 189\r\n
+ *   \r\n
+ *   {"accept":true,"txId":"4QcRav...","data":"<base64-txid>",...}
+ *
+ * Callers (`ToonClient.publishEvent`, `requestBlobStorage`) previously treated
+ * this `data` as opaque success bytes — `publishEvent` reported success on ANY
+ * FULFILL even when the embedded HTTP status was `404 Not Found`, and
+ * `requestBlobStorage` base64-decoded the WHOLE response as if it were the bare
+ * Arweave tx id. This module makes the HTTP envelope first-class so both paths
+ * can read the real status and body.
+ *
+ * The full Web-`Response` reconstruction used by the h402 fetch path lives in
+ * `adapters/Http402Client.ts` (`parseHttpResponse`); this is a smaller,
+ * dependency-free helper that returns the status code + raw body string, which
+ * is all the publish/upload paths need.
+ *
+ * DEFENSIVE: not every FULFILL is HTTP-enveloped (e.g. Mill-swap raw-TOON
+ * FULFILLs go through `sendSwapPacket`, not these paths). If the decoded data
+ * does not begin with an `HTTP/<v>` status line, `isHttp` is `false` and the
+ * caller should fall back to its prior (non-HTTP) interpretation rather than
+ * fail. This keeps non-HTTP FULFILLs from regressing.
+ */
+/** Result of parsing FULFILL `data` as an HTTP/1.1 response. */
+interface ParsedFulfillHttp {
+    /** Whether the data looked like an HTTP/1.1 response (status line present). */
+    isHttp: boolean;
+    /** HTTP status code (e.g. 200, 404). Only meaningful when `isHttp` is true. */
+    status: number;
+    /** Reason phrase from the status line (may be empty). */
+    statusText: string;
+    /** Decoded response body as a UTF-8 string (empty when none). */
+    body: string;
+}
+/**
+ * Parse FULFILL `data` bytes as an HTTP/1.1 response.
+ *
+ * Returns `{ isHttp: false, ... }` (without throwing) when the payload does not
+ * start with an `HTTP/<v>` status line, so callers can fall back to their
+ * legacy non-HTTP interpretation. When it IS an HTTP response, the status code
+ * and body are extracted; a present-but-malformed status line yields
+ * `isHttp: false` as well (treated as non-HTTP rather than throwing).
+ */
+declare function parseFulfillHttpBytes(bytes: Uint8Array): ParsedFulfillHttp;
+/**
+ * Convenience wrapper: decode a base64 FULFILL `data` string (the shape carried
+ * on `IlpSendResult.data`) and parse it as an HTTP/1.1 response.
+ */
+declare function parseFulfillHttp(base64Data: string): ParsedFulfillHttp;
+
 /**
  * Settlement info produced by buildSettlementInfo().
  * Extends the core SettlementConfig shape with ilpAddress for client use.
@@ -3268,4 +3336,4 @@ declare function loadKeystore(path: string, password: string): string;
  */
 declare function writeKeystoreFile(path: string, keystore: EncryptedKeystore): void;
 
-export { type BackupPayload, type BalanceProofParams, BtpRuntimeClient, type BtpRuntimeClientConfig, type ChainMetadata, type ChainSigner, ChannelManager, type ClaimMessage, type ClaimResolver, ConnectorError, type DiscoveredIlpPeer, type EVMClaimMessage, type EncryptedKeystore, EvmSigner, type FaucetChain, type FundWalletOptions, type FundWalletResult, type H402FetchOptions, Http402Client, type Http402ClientConfig, HttpConnectorAdmin, type HttpConnectorAdminConfig, HttpIlpClient, type HttpIlpClientConfig, type HttpIlpClientFactory, HttpRuntimeClient, type HttpRuntimeClientConfig, ILP_CLAIM_HEADER, ILP_CLAIM_WRAPPED_HEADER, ILP_PEER_ID_HEADER, type IlpTransportChoice, type InteractionResultContent, KeyManager, type KeyManagerConfig, type MinaClaimMessage, type MinaDepositReader, MinaSigner, type MinaSignerOptions, NetworkError, OnChainChannelClient, type OnChainChannelClientConfig, type ParsedX402Challenge, type PasskeyInfo, type PetDvmProvider, type PetInteractionEventData, type PetInteractionRequestParams, type PetInteractionResultData, type PetListing, type PetListingFilterOptions, type PetListingParams, type PetPurchaseRequestParams, type ProofStatus, type PublishEventResult, type RequestBlobStorageParams, type RequestBlobStorageResult, type RetryOptions, type SelectIlpTransportOptions, type SignedBalanceProof, type SolanaChannelClientOptions, type SolanaClaimMessage, SolanaSigner, type StatValues, type ToonChannelAccept, ToonClient, type ToonClientConfig, ToonClientError, type ToonIdentity, type ToonSigners, type ToonStartResult, type UnsignedNostrEvent, ValidationError, type VaultData, applyDefaults, applyNetworkPresets, buildBackupEvent, buildBackupFilter, buildPetInteractionRequest, buildPetListingEvent, buildPetPurchaseRequest, buildSettlementInfo, buildStoreWriteEnvelope, decryptMnemonic, deriveFromNsec, deriveFullIdentity, deriveNostrKeyFromMnemonic, encryptMnemonic, filterPetDvmProviders, filterPetListings, fundWallet, generateKeystore, generateMnemonic, generateRandomIdentity, getNetworkStatus, httpEndpointToBtpUrl, importKeystore, isPrfSupported, loadKeystore, parseBackupPayload, parseHttpResponse, parsePetInteractionEvent, parsePetInteractionResult, parsePetListing, parseX402Body, parseX402Challenge, proxyIlpEndpoint, readDiscoveredIlpPeer, readMinaDepositTotal, requestBlobStorage, selectIlpTransport, serializeHttpRequest, validateConfig, validateMnemonic, withRetry, writeKeystoreFile };
+export { type BackupPayload, type BalanceProofParams, BtpRuntimeClient, type BtpRuntimeClientConfig, type ChainMetadata, type ChainSigner, ChannelManager, type ClaimMessage, type ClaimResolver, ConnectorError, type DiscoveredIlpPeer, type EVMClaimMessage, type EncryptedKeystore, EvmSigner, type FaucetChain, type FundWalletOptions, type FundWalletResult, type H402FetchOptions, Http402Client, type Http402ClientConfig, HttpConnectorAdmin, type HttpConnectorAdminConfig, HttpIlpClient, type HttpIlpClientConfig, type HttpIlpClientFactory, HttpRuntimeClient, type HttpRuntimeClientConfig, ILP_CLAIM_HEADER, ILP_CLAIM_WRAPPED_HEADER, ILP_PEER_ID_HEADER, type IlpTransportChoice, type InteractionResultContent, KeyManager, type KeyManagerConfig, type MinaClaimMessage, type MinaDepositReader, MinaSigner, type MinaSignerOptions, NetworkError, OnChainChannelClient, type OnChainChannelClientConfig, type ParsedFulfillHttp, type ParsedX402Challenge, type PasskeyInfo, type PetDvmProvider, type PetInteractionEventData, type PetInteractionRequestParams, type PetInteractionResultData, type PetListing, type PetListingFilterOptions, type PetListingParams, type PetPurchaseRequestParams, type ProofStatus, type PublishEventResult, type RequestBlobStorageParams, type RequestBlobStorageResult, type RetryOptions, type SelectIlpTransportOptions, type SignedBalanceProof, type SolanaChannelClientOptions, type SolanaClaimMessage, SolanaSigner, type StatValues, type ToonChannelAccept, ToonClient, type ToonClientConfig, ToonClientError, type ToonIdentity, type ToonSigners, type ToonStartResult, type UnsignedNostrEvent, ValidationError, type VaultData, applyDefaults, applyNetworkPresets, buildBackupEvent, buildBackupFilter, buildPetInteractionRequest, buildPetListingEvent, buildPetPurchaseRequest, buildSettlementInfo, buildStoreWriteEnvelope, decryptMnemonic, deriveFromNsec, deriveFullIdentity, deriveNostrKeyFromMnemonic, encryptMnemonic, filterPetDvmProviders, filterPetListings, fundWallet, generateKeystore, generateMnemonic, generateRandomIdentity, getNetworkStatus, httpEndpointToBtpUrl, importKeystore, isPrfSupported, loadKeystore, parseBackupPayload, parseFulfillHttp, parseFulfillHttpBytes, parseHttpResponse, parsePetInteractionEvent, parsePetInteractionResult, parsePetListing, parseX402Body, parseX402Challenge, proxyIlpEndpoint, readDiscoveredIlpPeer, readMinaDepositTotal, requestBlobStorage, selectIlpTransport, serializeHttpRequest, validateConfig, validateMnemonic, withRetry, writeKeystoreFile };

package/dist/index.js

@@ -1,3 +1,31 @@
+import {
+  GenerativeFallbackRenderer,
+  KindRegistry,
+  MIME_A2UI,
+  MIME_MCP_APP,
+  RendererPinStore,
+  UI_RENDERER_KIND,
+  UI_TAG,
+  buildConsentRequest,
+  buildRendererEventTemplate,
+  buildUiCoordinate,
+  classifyIntent,
+  deterministicGenerator,
+  extractUiResource,
+  getUiCoordinate,
+  guardedRenderDispatch,
+  isTrustDowngrade,
+  parseUiCoordinate,
+  publishBackCoordinate,
+  renderDeterministicHtml,
+  renderDispatch,
+  resolveRendererMime,
+  resolveUiCoordinate,
+  resolveUiRenderer,
+  selectLatestAddressable,
+  verifyRendererTrust
+} from "./chunk-QEMD5EAI.js";
+
 // src/ToonClient.ts
 import { generateSecretKey as generateSecretKey3, getPublicKey as getPublicKey2, finalizeEvent } from "nostr-tools/pure";
 
@@ -490,6 +518,44 @@ function buildStoreWriteEnvelope(event) {
   return encodeUtf8(head + "\r\n\r\n" + body);
 }
 
+// src/utils/fulfill-http.ts
+var CRLF = "\r\n";
+function findHeaderEnd(bytes) {
+  for (let i = 0; i + 3 < bytes.length; i++) {
+    if (bytes[i] === 13 && bytes[i + 1] === 10 && bytes[i + 2] === 13 && bytes[i + 3] === 10) {
+      return i + 4;
+    }
+  }
+  return -1;
+}
+function parseFulfillHttpBytes(bytes) {
+  const notHttp = {
+    isHttp: false,
+    status: 0,
+    statusText: "",
+    body: ""
+  };
+  const headerEnd = findHeaderEnd(bytes);
+  const headBytes = headerEnd === -1 ? bytes : bytes.subarray(0, headerEnd - 2);
+  const bodyBytes = headerEnd === -1 ? new Uint8Array(0) : bytes.subarray(headerEnd);
+  const headText = decodeUtf8(headBytes);
+  const lines = headText.split(CRLF).filter((l) => l.length > 0);
+  const statusLine = lines.shift();
+  if (!statusLine) return notHttp;
+  if (!statusLine.trimStart().startsWith("HTTP/")) return notHttp;
+  const match = /^HTTP\/\d\.\d\s+(\d{3})(?:\s+(.*))?$/.exec(statusLine.trim());
+  if (!match) return notHttp;
+  return {
+    isHttp: true,
+    status: parseInt(match[1], 10),
+    statusText: match[2] ?? "",
+    body: decodeUtf8(bodyBytes)
+  };
+}
+function parseFulfillHttp(base64Data) {
+  return parseFulfillHttpBytes(fromBase64(base64Data));
+}
+
 // src/modes/http.ts
 import { BootstrapService, createDiscoveryTracker } from "@toon-protocol/core";
 
@@ -3529,15 +3595,17 @@ async function requestBlobStorage(client, secretKey, params) {
     return {
       success: false,
       eventId: event.id,
-      error: "FULFILL contained no data; expected base64-encoded Arweave tx ID"
+      error: "FULFILL contained no data; expected an HTTP response with the Arweave tx ID"
     };
   }
-  const txId = decodeUtf8(fromBase64(result.data));
-  if (!ARWEAVE_TX_ID_REGEX.test(txId)) {
+  let txId;
+  try {
+    txId = extractArweaveTxId(result.data);
+  } catch (error) {
     return {
       success: false,
       eventId: event.id,
-      error: `Decoded FULFILL data is not a valid Arweave tx ID: "${txId}"`
+      error: error instanceof Error ? error.message : String(error)
     };
   }
   return {
@@ -3546,6 +3614,49 @@ async function requestBlobStorage(client, secretKey, params) {
     eventId: event.id
   };
 }
+function extractArweaveTxId(base64Data) {
+  const http2 = parseFulfillHttp(base64Data);
+  if (!http2.isHttp) {
+    const legacy = decodeUtf8(fromBase64(base64Data));
+    if (!ARWEAVE_TX_ID_REGEX.test(legacy)) {
+      throw new Error(
+        `Decoded FULFILL data is not a valid Arweave tx ID: "${legacy}"`
+      );
+    }
+    return legacy;
+  }
+  if (http2.status < 200 || http2.status >= 300) {
+    const detail = http2.body ? ` - ${http2.body}` : "";
+    throw new Error(
+      `Blob upload failed: DVM returned HTTP ${http2.status} ${http2.statusText}`.trimEnd() + detail
+    );
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(http2.body);
+  } catch {
+    throw new Error(
+      `Blob upload response body was not valid JSON: "${http2.body}"`
+    );
+  }
+  const body = parsed;
+  if (body.accept === false) {
+    const reason = typeof body.error === "string" ? `: ${body.error}` : "";
+    throw new Error(`Blob upload rejected by DVM (accept:false)${reason}`);
+  }
+  if (typeof body.txId === "string" && ARWEAVE_TX_ID_REGEX.test(body.txId)) {
+    return body.txId;
+  }
+  if (typeof body.data === "string" && body.data.length > 0) {
+    const decoded = decodeUtf8(fromBase64(body.data));
+    if (ARWEAVE_TX_ID_REGEX.test(decoded)) {
+      return decoded;
+    }
+  }
+  throw new Error(
+    `Blob upload response did not contain a valid Arweave tx ID: "${http2.body}"`
+  );
+}
 
 // src/adapters/Http402Client.ts
 var Http402Client = class {
@@ -3720,7 +3831,7 @@ function parseX402Body(body) {
   }
   return version !== void 0 ? { x402Version: version } : {};
 }
-var CRLF = "\r\n";
+var CRLF2 = "\r\n";
 function concatHeadAndBody(head, body) {
   const headBytes = encodeUtf8(head);
   const out = new Uint8Array(headBytes.length + body.length);
@@ -3750,10 +3861,10 @@ function serializeHttpRequest(req) {
     `${req.method.toUpperCase()} ${target} HTTP/1.1`,
     ...headers.values()
   ];
-  const head = lines.join(CRLF) + CRLF + CRLF;
+  const head = lines.join(CRLF2) + CRLF2 + CRLF2;
   return concatHeadAndBody(head, bodyBytes);
 }
-function findHeaderEnd(bytes) {
+function findHeaderEnd2(bytes) {
   for (let i = 0; i + 3 < bytes.length; i++) {
     if (bytes[i] === 13 && bytes[i + 1] === 10 && bytes[i + 2] === 13 && bytes[i + 3] === 10) {
       return i + 4;
@@ -3762,11 +3873,11 @@ function findHeaderEnd(bytes) {
   return -1;
 }
 function parseHttpResponse(bytes) {
-  const headerEnd = findHeaderEnd(bytes);
+  const headerEnd = findHeaderEnd2(bytes);
   const headBytes = headerEnd === -1 ? bytes : bytes.subarray(0, headerEnd - 2);
   const body = headerEnd === -1 ? new Uint8Array(0) : bytes.subarray(headerEnd);
   const headText = decodeUtf8(headBytes);
-  const lines = headText.split(CRLF).filter((l) => l.length > 0);
+  const lines = headText.split(CRLF2).filter((l) => l.length > 0);
   const statusLine = lines.shift();
   if (!statusLine) {
     throw new ConnectorError(
@@ -4123,6 +4234,16 @@ var ToonClient = class {
           error: `Event rejected: ${response.code} - ${response.message}`
         };
       }
+      if (response.data) {
+        const httpResult = parseFulfillHttp(response.data);
+        if (httpResult.isHttp && (httpResult.status < 200 || httpResult.status >= 300)) {
+          const detail = httpResult.body ? ` - ${httpResult.body}` : "";
+          return {
+            success: false,
+            error: `Write failed: relay returned HTTP ${httpResult.status} ${httpResult.statusText}`.trimEnd() + detail
+          };
+        }
+      }
       return {
         success: true,
         eventId: event.id,
@@ -6398,6 +6519,7 @@ export {
   ChannelManager,
   ConnectorError,
   EvmSigner,
+  GenerativeFallbackRenderer,
   Http402Client,
   HttpConnectorAdmin,
   HttpIlpClient,
@@ -6406,27 +6528,39 @@ export {
   ILP_CLAIM_WRAPPED_HEADER,
   ILP_PEER_ID_HEADER,
   KeyManager,
+  KindRegistry,
+  MIME_A2UI,
+  MIME_MCP_APP,
   MinaSigner,
   NetworkError,
   OnChainChannelClient,
+  RendererPinStore,
   SolanaSigner,
   ToonClient,
   ToonClientError,
+  UI_RENDERER_KIND,
+  UI_TAG,
   ValidationError,
   applyDefaults,
   applyNetworkPresets,
   buildBackupEvent,
   buildBackupFilter,
+  buildConsentRequest,
   buildPetInteractionRequest,
   buildPetListingEvent,
   buildPetPurchaseRequest,
+  buildRendererEventTemplate,
   buildSettlementInfo,
   buildStoreWriteEnvelope,
+  buildUiCoordinate,
+  classifyIntent,
   decryptMnemonic2 as decryptMnemonic,
   deriveFromNsec,
   deriveFullIdentity,
   deriveNostrKeyFromMnemonic,
+  deterministicGenerator,
   encryptMnemonic2 as encryptMnemonic,
+  extractUiResource,
   filterPetDvmProviders,
   filterPetListings,
   fundWallet,
@@ -6434,25 +6568,39 @@ export {
   generateMnemonic,
   generateRandomIdentity,
   getNetworkStatus,
+  getUiCoordinate,
+  guardedRenderDispatch,
   httpEndpointToBtpUrl,
   importKeystore,
   isPrfSupported,
+  isTrustDowngrade,
   loadKeystore,
   parseBackupPayload,
+  parseFulfillHttp,
+  parseFulfillHttpBytes,
   parseHttpResponse,
   parsePetInteractionEvent,
   parsePetInteractionResult,
   parsePetListing,
+  parseUiCoordinate,
   parseX402Body,
   parseX402Challenge,
   proxyIlpEndpoint,
+  publishBackCoordinate,
   readDiscoveredIlpPeer,
   readMinaDepositTotal,
+  renderDeterministicHtml,
+  renderDispatch,
   requestBlobStorage,
+  resolveRendererMime,
+  resolveUiCoordinate,
+  resolveUiRenderer,
   selectIlpTransport,
+  selectLatestAddressable,
   serializeHttpRequest,
   validateConfig,
   validateMnemonic,
+  verifyRendererTrust,
   withRetry,
   writeKeystoreFile
 };