@usesigil/kit 0.1.0

package/dist/x402/payment-selector.js

@@ -0,0 +1,49 @@
+/**
+ * x402 Payment Option Selector — Kit-native
+ *
+ * Selects a Solana-compatible payment option from the accepts array.
+ * Includes SECURITY-CRITICAL payTo destination allowlisting.
+ */
+import { X402UnsupportedError, X402DestinationBlockedError } from "./errors.js";
+/**
+ * Select a Solana-compatible payment option from the accepts array.
+ *
+ * Filtering order:
+ * 1. Network: must start with "solana:" (CAIP-2 format)
+ * 2. Token allowlist: asset must be in config.allowedTokens (if set)
+ * 3. payTo allowlist: destination must be in config.allowedDestinations (if set) — SECURITY-CRITICAL
+ *
+ * @throws X402DestinationBlockedError if Solana options exist but all destinations are blocked
+ * @throws X402UnsupportedError if no compatible Solana option found
+ */
+export function selectPaymentOption(paymentRequired, config) {
+    const solanaOptions = [];
+    let hasBlockedDestination = false;
+    for (const option of paymentRequired.accepts) {
+        // 1. Network filter: must be Solana
+        if (!option.network.startsWith("solana:")) {
+            continue;
+        }
+        // 2. Token allowlist filter
+        if (config?.allowedTokens &&
+            !config.allowedTokens.has(option.asset)) {
+            continue;
+        }
+        solanaOptions.push(option);
+        // 3. payTo destination allowlist — SECURITY-CRITICAL
+        // Defense against prompt injection: malicious API returns attacker's payTo
+        if (config?.allowedDestinations &&
+            !config.allowedDestinations.has(option.payTo)) {
+            hasBlockedDestination = true;
+            continue;
+        }
+        return option;
+    }
+    // Specific error when Solana options exist but all destinations are blocked
+    if (solanaOptions.length > 0 && hasBlockedDestination) {
+        throw new X402DestinationBlockedError(solanaOptions[0].payTo, `All ${solanaOptions.length} Solana payment option(s) have blocked payTo destinations. ` +
+            "Add trusted destinations to X402Config.allowedDestinations.");
+    }
+    throw new X402UnsupportedError("No compatible Solana payment option found in accepts array");
+}
+//# sourceMappingURL=payment-selector.js.map

package/dist/x402/payment-selector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payment-selector.js","sourceRoot":"","sources":["../../src/x402/payment-selector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAEhF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CACjC,eAAgC,EAChC,MAAmB;IAEnB,MAAM,aAAa,GAA0B,EAAE,CAAC;IAChD,IAAI,qBAAqB,GAAG,KAAK,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,eAAe,CAAC,OAAO,EAAE,CAAC;QAC7C,oCAAoC;QACpC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,SAAS;QACX,CAAC;QAED,4BAA4B;QAC5B,IACE,MAAM,EAAE,aAAa;YACrB,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,KAAgB,CAAC,EAClD,CAAC;YACD,SAAS;QACX,CAAC;QAED,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE3B,qDAAqD;QACrD,2EAA2E;QAC3E,IACE,MAAM,EAAE,mBAAmB;YAC3B,CAAC,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,KAAgB,CAAC,EACxD,CAAC;YACD,qBAAqB,GAAG,IAAI,CAAC;YAC7B,SAAS;QACX,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,4EAA4E;IAC5E,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,qBAAqB,EAAE,CAAC;QACtD,MAAM,IAAI,2BAA2B,CACnC,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,EACtB,OAAO,aAAa,CAAC,MAAM,6DAA6D;YACtF,6DAA6D,CAChE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,oBAAoB,CAC5B,4DAA4D,CAC7D,CAAC;AACJ,CAAC"}

package/dist/x402/policy-bridge.d.ts

@@ -0,0 +1,23 @@
+/**
+ * x402 Policy Bridge — Kit-native
+ *
+ * Bridges x402 payments to Kit ShieldState for spending integration.
+ * x402 payments share the SAME spending state as DeFi operations.
+ */
+import type { Address } from "@solana/kit";
+import type { ShieldedContext } from "../shield.js";
+import type { PaymentRequirements, X402Config } from "./types.js";
+/**
+ * Evaluate an x402 payment against Kit Shield policies.
+ * Pre-check only — does NOT record spend.
+ *
+ * @throws X402PaymentError if shield is paused
+ * @returns violations array (empty = approved)
+ */
+export declare function evaluateX402Payment(selected: PaymentRequirements, shieldCtx: ShieldedContext, config?: X402Config, signerAddress?: Address): string[];
+/**
+ * Record an x402 payment in ShieldState after successful payment.
+ * x402 payments share the SAME spending state as DeFi operations.
+ */
+export declare function recordX402Spend(shieldCtx: ShieldedContext, asset: string, amount: bigint): void;
+//# sourceMappingURL=policy-bridge.d.ts.map

package/dist/x402/policy-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-bridge.d.ts","sourceRoot":"","sources":["../../src/x402/policy-bridge.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,KAAK,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAIlE;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,mBAAmB,EAC7B,SAAS,EAAE,eAAe,EAC1B,MAAM,CAAC,EAAE,UAAU,EACnB,aAAa,CAAC,EAAE,OAAO,GACtB,MAAM,EAAE,CAuDV;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,SAAS,EAAE,eAAe,EAC1B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,IAAI,CAGN"}

package/dist/x402/policy-bridge.js

@@ -0,0 +1,67 @@
+/**
+ * x402 Policy Bridge — Kit-native
+ *
+ * Bridges x402 payments to Kit ShieldState for spending integration.
+ * x402 payments share the SAME spending state as DeFi operations.
+ */
+import { X402PaymentError } from "./errors.js";
+import { TOKEN_PROGRAM_ID } from "./transfer-builder.js";
+/**
+ * Evaluate an x402 payment against Kit Shield policies.
+ * Pre-check only — does NOT record spend.
+ *
+ * @throws X402PaymentError if shield is paused
+ * @returns violations array (empty = approved)
+ */
+export function evaluateX402Payment(selected, shieldCtx, config, signerAddress) {
+    const violations = [];
+    // 1. Shield paused = block all x402 payments
+    if (shieldCtx.isPaused) {
+        throw new X402PaymentError("Shield is paused — all x402 payments are blocked until resume()");
+    }
+    // 2. Cumulative spend check via ShieldState
+    if (config?.maxCumulativeSpend !== undefined) {
+        const windowMs = config.cumulativeWindowMs ?? 86_400_000;
+        const currentSpend = shieldCtx.state.getTotalSpendInWindow(windowMs);
+        const paymentAmount = BigInt(selected.amount);
+        if (currentSpend + paymentAmount > config.maxCumulativeSpend) {
+            violations.push(`Cumulative x402 spend ${currentSpend + paymentAmount} exceeds limit ${config.maxCumulativeSpend} ` +
+                `in ${windowMs}ms window`);
+        }
+    }
+    // 3. Per-request ceiling
+    if (config?.maxPaymentPerRequest !== undefined) {
+        const paymentAmount = BigInt(selected.amount);
+        if (paymentAmount > config.maxPaymentPerRequest) {
+            violations.push(`Payment ${selected.amount} exceeds per-request ceiling ${config.maxPaymentPerRequest}`);
+        }
+    }
+    // 4. Delegate to Shield's instruction check with synthetic transfer instruction
+    if (signerAddress) {
+        const syntheticIx = {
+            programAddress: TOKEN_PROGRAM_ID,
+            accounts: [
+                { address: signerAddress },
+                { address: selected.asset },
+                { address: selected.payTo },
+                { address: signerAddress },
+            ],
+        };
+        const checkResult = shieldCtx.check([syntheticIx], signerAddress);
+        if (!checkResult.allowed) {
+            for (const v of checkResult.violations) {
+                violations.push(v.message);
+            }
+        }
+    }
+    return violations;
+}
+/**
+ * Record an x402 payment in ShieldState after successful payment.
+ * x402 payments share the SAME spending state as DeFi operations.
+ */
+export function recordX402Spend(shieldCtx, asset, amount) {
+    shieldCtx.state.recordSpend(asset, amount);
+    shieldCtx.state.recordTransaction();
+}
+//# sourceMappingURL=policy-bridge.js.map

package/dist/x402/policy-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-bridge.js","sourceRoot":"","sources":["../../src/x402/policy-bridge.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAA6B,EAC7B,SAA0B,EAC1B,MAAmB,EACnB,aAAuB;IAEvB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,6CAA6C;IAC7C,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;QACvB,MAAM,IAAI,gBAAgB,CACxB,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,IAAI,MAAM,EAAE,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,kBAAkB,IAAI,UAAU,CAAC;QACzD,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QACrE,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,YAAY,GAAG,aAAa,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC7D,UAAU,CAAC,IAAI,CACb,yBAAyB,YAAY,GAAG,aAAa,kBAAkB,MAAM,CAAC,kBAAkB,GAAG;gBACjG,MAAM,QAAQ,WAAW,CAC5B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,MAAM,EAAE,oBAAoB,KAAK,SAAS,EAAE,CAAC;QAC/C,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,aAAa,GAAG,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAChD,UAAU,CAAC,IAAI,CACb,WAAW,QAAQ,CAAC,MAAM,gCAAgC,MAAM,CAAC,oBAAoB,EAAE,CACxF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,WAAW,GAA2B;YAC1C,cAAc,EAAE,gBAAgB;YAChC,QAAQ,EAAE;gBACR,EAAE,OAAO,EAAE,aAAa,EAAE;gBAC1B,EAAE,OAAO,EAAE,QAAQ,CAAC,KAAgB,EAAE;gBACtC,EAAE,OAAO,EAAE,QAAQ,CAAC,KAAgB,EAAE;gBACtC,EAAE,OAAO,EAAE,aAAa,EAAE;aAC3B;SACF,CAAC;QAEF,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,EAAE,aAAa,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,SAA0B,EAC1B,KAAa,EACb,MAAc;IAEd,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC3C,SAAS,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;AACtC,CAAC"}

package/dist/x402/shielded-fetch.d.ts

@@ -0,0 +1,46 @@
+/**
+ * x402 shieldedFetch — Kit-native
+ *
+ * Core 17-step flow for HTTP 402 Payment Required support.
+ * Uses Kit TransactionSigner, zero web3.js dependency.
+ *
+ * x402 payments are simple SPL transfers — NOT Sigil-composed transactions.
+ * Shield enforcement happens at the policy-bridge level, not the signer level.
+ */
+import type { Rpc, SolanaRpcApi, TransactionSigner } from "@solana/kit";
+import type { ShieldedContext } from "../shield.js";
+import type { X402Config, ShieldedFetchOptions, ShieldedFetchResponse } from "./types.js";
+/**
+ * Fetch a URL with automatic x402 payment support — Kit-native.
+ *
+ * 17-step flow:
+ * 1. URL protocol validation
+ * 2. Initial fetch
+ * 3. Non-402 passthrough
+ * 4. Extract PAYMENT-REQUIRED header
+ * 5. Non-x402 402 passthrough
+ * 6. Infinite loop guard
+ * 7. Decode + validate header
+ * 8. Select payment option with payTo allowlisting
+ * 9. Replay check
+ * 10. Amount sanity
+ * 11. Policy pre-check (does NOT record spend)
+ * 12. Dry-run exit point
+ * 13. Build TransferChecked instruction
+ * 14. Compose + sign transaction
+ * 15. Retry with PAYMENT-SIGNATURE header
+ * 16. Validate settlement response
+ * 17. Record spend, emit audit event, return response
+ */
+export declare function shieldedFetch(signer: TransactionSigner, url: string | URL, config?: X402Config, shieldCtx?: ShieldedContext, rpc?: Rpc<SolanaRpcApi>, fetchOptions?: ShieldedFetchOptions): Promise<ShieldedFetchResponse>;
+/**
+ * Create a wallet-bound fetch function with automatic x402 payment support.
+ *
+ * @example
+ * ```typescript
+ * const fetch402 = createShieldedFetch(signer, config, shieldCtx, rpc);
+ * const res = await fetch402('https://api.example.com/paid-endpoint');
+ * ```
+ */
+export declare function createShieldedFetch(signer: TransactionSigner, config?: X402Config, shieldCtx?: ShieldedContext, rpc?: Rpc<SolanaRpcApi>): (url: string | URL, init?: ShieldedFetchOptions) => Promise<ShieldedFetchResponse>;
+//# sourceMappingURL=shielded-fetch.d.ts.map

package/dist/x402/shielded-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shielded-fetch.d.ts","sourceRoot":"","sources":["../../src/x402/shielded-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAEV,GAAG,EACH,YAAY,EACZ,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAUrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,KAAK,EACV,UAAU,EACV,oBAAoB,EACpB,qBAAqB,EAEtB,MAAM,YAAY,CAAC;AAmDpB;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,EACzB,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,MAAM,CAAC,EAAE,UAAU,EACnB,SAAS,CAAC,EAAE,eAAe,EAC3B,GAAG,CAAC,EAAE,GAAG,CAAC,YAAY,CAAC,EACvB,YAAY,CAAC,EAAE,oBAAoB,GAClC,OAAO,CAAC,qBAAqB,CAAC,CAwUhC;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,iBAAiB,EACzB,MAAM,CAAC,EAAE,UAAU,EACnB,SAAS,CAAC,EAAE,eAAe,EAC3B,GAAG,CAAC,EAAE,GAAG,CAAC,YAAY,CAAC,GACtB,CACD,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,IAAI,CAAC,EAAE,oBAAoB,KACxB,OAAO,CAAC,qBAAqB,CAAC,CAGlC"}

package/dist/x402/shielded-fetch.js

@@ -0,0 +1,342 @@
+/**
+ * x402 shieldedFetch — Kit-native
+ *
+ * Core 17-step flow for HTTP 402 Payment Required support.
+ * Uses Kit TransactionSigner, zero web3.js dependency.
+ *
+ * x402 payments are simple SPL transfers — NOT Sigil-composed transactions.
+ * Shield enforcement happens at the policy-bridge level, not the signer level.
+ */
+import { pipe, createTransactionMessage, setTransactionMessageFeePayer, setTransactionMessageLifetimeUsingBlockhash, appendTransactionMessageInstruction, compileTransaction, getBase58Decoder, } from "@solana/kit";
+import { X402PaymentError } from "./errors.js";
+import { signAndEncode } from "../rpc-helpers.js";
+import { decodePaymentRequiredHeader, encodePaymentSignatureHeader, decodePaymentResponseHeader, } from "./codec.js";
+import { selectPaymentOption } from "./payment-selector.js";
+import { NonceTracker } from "./nonce-tracker.js";
+import { validatePaymentAmount, recordPaymentAmount } from "./amount-guard.js";
+import { evaluateX402Payment, recordX402Spend } from "./policy-bridge.js";
+import { validateSettlement } from "./facilitator-verify.js";
+import { emitPaymentEvent, createPaymentEvent } from "./audit-trail.js";
+import { buildX402TransferInstruction } from "./transfer-builder.js";
+import { resolveToken } from "../tokens.js";
+// Global nonce tracker instance
+const globalNonceTracker = new NonceTracker();
+/**
+ * Poll getSignatureStatuses() to confirm a payment TX landed on-chain.
+ * Returns 3-state result:
+ *   'confirmed' — TX confirmed/finalized on-chain
+ *   'failed'    — TX explicitly errored on-chain (definitive failure)
+ *   'timeout'   — No definitive answer within timeout
+ * Pattern reused from rpc-helpers.ts sendAndConfirmTransaction polling.
+ */
+async function confirmSettlementOnChain(rpc, txSignature, timeoutMs) {
+    const deadline = Date.now() + timeoutMs;
+    let delay = 500;
+    while (Date.now() < deadline) {
+        const result = await rpc.getSignatureStatuses([txSignature]).send();
+        const statuses = result.value;
+        if (statuses?.[0]) {
+            const status = statuses[0];
+            if (status.err)
+                return "failed";
+            if (status.confirmationStatus === "confirmed" || status.confirmationStatus === "finalized") {
+                return "confirmed";
+            }
+        }
+        await new Promise(r => setTimeout(r, delay));
+        delay = Math.min(delay * 1.5, 3000);
+    }
+    return "timeout";
+}
+/**
+ * Fetch a URL with automatic x402 payment support — Kit-native.
+ *
+ * 17-step flow:
+ * 1. URL protocol validation
+ * 2. Initial fetch
+ * 3. Non-402 passthrough
+ * 4. Extract PAYMENT-REQUIRED header
+ * 5. Non-x402 402 passthrough
+ * 6. Infinite loop guard
+ * 7. Decode + validate header
+ * 8. Select payment option with payTo allowlisting
+ * 9. Replay check
+ * 10. Amount sanity
+ * 11. Policy pre-check (does NOT record spend)
+ * 12. Dry-run exit point
+ * 13. Build TransferChecked instruction
+ * 14. Compose + sign transaction
+ * 15. Retry with PAYMENT-SIGNATURE header
+ * 16. Validate settlement response
+ * 17. Record spend, emit audit event, return response
+ */
+export async function shieldedFetch(signer, url, config, shieldCtx, rpc, fetchOptions) {
+    const startTime = Date.now();
+    const urlStr = url.toString();
+    const maxRetries = Math.min(Math.max(config?.maxRetries ?? 1, 1), 3);
+    const effectiveRpc = fetchOptions?.rpc ?? rpc;
+    // Step 0: Config warnings
+    if (!config?.allowedDestinations || config.allowedDestinations.size === 0) {
+        console.warn("[x402] No allowedDestinations configured — accepting all payTo destinations. " +
+            "Set X402Config.allowedDestinations for production use.");
+    }
+    // Step 1: URL protocol validation (HTTPS only unless test override)
+    if (!config?.allowInsecureUrls) {
+        if (!urlStr.startsWith("https://")) {
+            throw new X402PaymentError("Only HTTPS URLs are supported for x402 payments. " +
+                "Set allowInsecureUrls in X402Config for testing only.");
+        }
+    }
+    else {
+        if (!urlStr.startsWith("https://") && !urlStr.startsWith("http://")) {
+            throw new X402PaymentError("Only HTTP/HTTPS URLs are supported for x402 payments");
+        }
+    }
+    // Build fetch init, stripping custom options
+    const init = { ...fetchOptions };
+    delete init.rpc;
+    delete init.dryRun;
+    delete init.maxPayment;
+    // Step 2: Initial fetch
+    const response = await globalThis.fetch(urlStr, init);
+    // Step 3: Non-402 passthrough
+    if (response.status !== 402) {
+        return response;
+    }
+    // Step 4: Extract PAYMENT-REQUIRED header (case-insensitive)
+    const paymentRequiredHeader = response.headers.get("payment-required") ??
+        response.headers.get("PAYMENT-REQUIRED");
+    // Step 5: Non-x402 402 passthrough
+    if (!paymentRequiredHeader) {
+        return response;
+    }
+    // Step 6: Infinite loop guard — reject if PAYMENT-SIGNATURE already sent
+    if (hasPaymentSignatureHeader(init.headers)) {
+        throw new X402PaymentError("Payment already attempted — refusing to retry to prevent infinite loops");
+    }
+    // Step 7: Decode + validate header
+    const paymentRequired = decodePaymentRequiredHeader(paymentRequiredHeader);
+    // Step 8: Select payment option with payTo allowlisting
+    const selected = selectPaymentOption(paymentRequired, config);
+    // Step 9: Replay check
+    if (config?.enableReplayProtection !== false) {
+        await globalNonceTracker.checkOrThrow(urlStr, selected.payTo, selected.amount);
+    }
+    // Step 10: Amount sanity
+    const parsedAmount = validatePaymentAmount(selected.amount, config);
+    // Override maxPayment from fetch options
+    if (fetchOptions?.maxPayment !== undefined &&
+        parsedAmount > fetchOptions.maxPayment) {
+        throw new X402PaymentError(`Server requires ${selected.amount} but maxPayment is ${fetchOptions.maxPayment}`);
+    }
+    // Step 11: Policy pre-check (does NOT record spend)
+    if (shieldCtx) {
+        const violations = evaluateX402Payment(selected, shieldCtx, config, signer.address);
+        if (violations.length > 0) {
+            const event = createPaymentEvent({
+                url: urlStr,
+                payTo: selected.payTo,
+                asset: selected.asset,
+                amount: selected.amount,
+                paid: false,
+                deniedReason: violations.join("; "),
+                startTime,
+            });
+            emitPaymentEvent(config, event);
+            throw new X402PaymentError(`x402 payment denied by policy: ${violations.join("; ")}`);
+        }
+    }
+    // Step 12: Dry-run exit point
+    if (fetchOptions?.dryRun) {
+        const dryResponse = new Response(null, {
+            status: 402,
+        });
+        dryResponse.x402 = {
+            paid: false,
+            amountPaid: selected.amount,
+            asset: selected.asset,
+            payTo: selected.payTo,
+        };
+        return dryResponse;
+    }
+    // Step 13: Build TransferChecked instruction
+    if (!effectiveRpc) {
+        throw new X402PaymentError("RPC connection required for x402 payments. Pass rpc in options.");
+    }
+    const tokenInfo = resolveToken(selected.asset, "mainnet-beta");
+    const decimals = tokenInfo?.decimals ?? 6;
+    const transferIx = await buildX402TransferInstruction({
+        from: signer.address,
+        payTo: selected.payTo,
+        asset: selected.asset,
+        amount: parsedAmount,
+        decimals,
+    });
+    // Step 14: Compose + sign transaction using Kit pipe()
+    const { value: blockhashInfo } = await effectiveRpc
+        .getLatestBlockhash()
+        .send();
+    const txMessage = pipe(createTransactionMessage({ version: 0 }), (tx) => setTransactionMessageFeePayer(signer.address, tx), (tx) => setTransactionMessageLifetimeUsingBlockhash(blockhashInfo, tx), (tx) => appendTransactionMessageInstruction(transferIx, tx));
+    const compiledTx = compileTransaction(txMessage);
+    // Sign + encode using shared utility
+    const wireBase64 = await signAndEncode(signer, compiledTx);
+    // Extract client's expected TX signature from wire format
+    // Wire format: 1 byte (compact-u16 sig count) + 64 bytes (first signature)
+    let expectedTxSig;
+    try {
+        const wireBinary = atob(wireBase64);
+        if (wireBinary.length > 64) {
+            const sigBytes = new Uint8Array(64);
+            for (let i = 0; i < 64; i++)
+                sigBytes[i] = wireBinary.charCodeAt(i + 1);
+            expectedTxSig = getBase58Decoder().decode(sigBytes);
+        }
+    }
+    catch {
+        // Non-fatal — sig extraction is for audit, not blocking
+    }
+    // Encode x402 payload
+    const encodedPayload = encodePaymentSignatureHeader({
+        x402Version: 2,
+        resource: paymentRequired.resource,
+        accepted: selected,
+        payload: { transaction: wireBase64 },
+    });
+    // Step 15: Retry with PAYMENT-SIGNATURE header
+    const retryHeaders = new Headers(init.headers);
+    retryHeaders.set("PAYMENT-SIGNATURE", encodedPayload);
+    let retryResponse = (await globalThis.fetch(urlStr, {
+        ...init,
+        headers: retryHeaders,
+    }));
+    for (let attempt = 1; attempt < maxRetries &&
+        !(retryResponse.status >= 200 && retryResponse.status < 300); attempt++) {
+        retryResponse = (await globalThis.fetch(urlStr, {
+            ...init,
+            headers: retryHeaders,
+        }));
+    }
+    // Step 16: Validate settlement response
+    const paymentResponseHeader = retryResponse.headers.get("payment-response") ??
+        retryResponse.headers.get("PAYMENT-RESPONSE");
+    let settlement;
+    if (paymentResponseHeader) {
+        try {
+            settlement = decodePaymentResponseHeader(paymentResponseHeader);
+            const verification = await validateSettlement(settlement);
+            if (verification.warnings.length > 0) {
+                console.warn("[x402] Settlement warnings:", verification.warnings);
+            }
+        }
+        catch {
+            // Non-fatal — settlement data is optional
+        }
+    }
+    // Settlement signature verification (D1: signature comparison)
+    if (expectedTxSig &&
+        settlement?.transaction &&
+        settlement.transaction !== expectedTxSig) {
+        emitPaymentEvent(config, createPaymentEvent({
+            url: urlStr,
+            payTo: selected.payTo,
+            asset: selected.asset,
+            amount: selected.amount,
+            paid: true,
+            deniedReason: `Settlement signature mismatch: expected ${expectedTxSig}, got ${settlement.transaction}`,
+            startTime,
+        }));
+    }
+    // Step 17: Record spend after on-chain confirmation (2.9.2 fix)
+    if (retryResponse.ok) {
+        if (config?.enableReplayProtection !== false) {
+            await globalNonceTracker.record(urlStr, selected.payTo, selected.amount);
+        }
+        recordPaymentAmount(parsedAmount);
+        // On-chain confirmation gate (2.9.2):
+        //   confirmed → record spend
+        //   failed    → DON'T record (TX errored on-chain)
+        //   timeout   → record spend (defense-in-depth, can't confirm either way)
+        //   disabled  → record spend (confirmPayment: false)
+        let shouldRecordSpend = true;
+        if (config?.confirmPayment !== false &&
+            settlement?.transaction &&
+            effectiveRpc) {
+            const timeout = config?.confirmPaymentTimeoutMs ?? 10_000;
+            const status = await confirmSettlementOnChain(effectiveRpc, settlement.transaction, timeout);
+            if (status === "failed") {
+                shouldRecordSpend = false;
+                console.warn(`[x402] Payment TX ${settlement.transaction} failed on-chain — spend NOT recorded`);
+            }
+            else if (status === "timeout") {
+                console.warn(`[x402] Payment TX ${settlement.transaction} not confirmed within ${timeout}ms — recording spend (defense-in-depth)`);
+            }
+        }
+        if (shieldCtx && shouldRecordSpend) {
+            recordX402Spend(shieldCtx, selected.asset, parsedAmount);
+        }
+        const event = createPaymentEvent({
+            url: urlStr,
+            payTo: selected.payTo,
+            asset: selected.asset,
+            amount: selected.amount,
+            paid: true,
+            settlement,
+            startTime,
+            nonce: NonceTracker.buildKey(urlStr, selected.payTo, selected.amount),
+        });
+        emitPaymentEvent(config, event);
+        retryResponse.x402 = {
+            paid: true,
+            amountPaid: selected.amount,
+            asset: selected.asset,
+            payTo: selected.payTo,
+            settlement,
+        };
+    }
+    else {
+        const failEvent = createPaymentEvent({
+            url: urlStr,
+            payTo: selected.payTo,
+            asset: selected.asset,
+            amount: selected.amount,
+            paid: false,
+            deniedReason: `Server returned ${retryResponse.status} after payment attempt`,
+            startTime,
+        });
+        emitPaymentEvent(config, failEvent);
+        retryResponse.x402 = {
+            paid: false,
+            amountPaid: selected.amount,
+            asset: selected.asset,
+            payTo: selected.payTo,
+            settlement,
+        };
+    }
+    return retryResponse;
+}
+/**
+ * Create a wallet-bound fetch function with automatic x402 payment support.
+ *
+ * @example
+ * ```typescript
+ * const fetch402 = createShieldedFetch(signer, config, shieldCtx, rpc);
+ * const res = await fetch402('https://api.example.com/paid-endpoint');
+ * ```
+ */
+export function createShieldedFetch(signer, config, shieldCtx, rpc) {
+    return (url, init) => shieldedFetch(signer, url, config, shieldCtx, rpc, init);
+}
+// ─── Internal Helpers ───────────────────────────────────────────────────────
+function hasPaymentSignatureHeader(headers) {
+    if (!headers)
+        return false;
+    if (headers instanceof Headers) {
+        return headers.has("PAYMENT-SIGNATURE") || headers.has("payment-signature");
+    }
+    if (Array.isArray(headers)) {
+        return headers.some(([k]) => k.toLowerCase() === "payment-signature");
+    }
+    const rec = headers;
+    return Object.keys(rec).some((k) => k.toLowerCase() === "payment-signature");
+}
+//# sourceMappingURL=shielded-fetch.js.map

package/dist/x402/shielded-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shielded-fetch.js","sourceRoot":"","sources":["../../src/x402/shielded-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,OAAO,EACL,IAAI,EACJ,wBAAwB,EACxB,6BAA6B,EAC7B,2CAA2C,EAC3C,mCAAmC,EACnC,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAQrB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,2BAA2B,GAC5B,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,4BAA4B,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,gCAAgC;AAChC,MAAM,kBAAkB,GAAG,IAAI,YAAY,EAAE,CAAC;AAE9C;;;;;;;GAOG;AACH,KAAK,UAAU,wBAAwB,CACrC,GAAsB,EACtB,WAAmB,EACnB,SAAiB;IAEjB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,oBAAoB,CAAC,CAAC,WAA2E,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpI,MAAM,QAAQ,GAAI,MAA4D,CAAC,KAAK,CAAC;QACrF,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAmD,CAAC;YAC7E,IAAI,MAAM,CAAC,GAAG;gBAAE,OAAO,QAAQ,CAAC;YAChC,IAAI,MAAM,CAAC,kBAAkB,KAAK,WAAW,IAAI,MAAM,CAAC,kBAAkB,KAAK,WAAW,EAAE,CAAC;gBAC3F,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QACD,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7C,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAyB,EACzB,GAAiB,EACjB,MAAmB,EACnB,SAA2B,EAC3B,GAAuB,EACvB,YAAmC;IAEnC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,MAAM,YAAY,GAAG,YAAY,EAAE,GAAG,IAAI,GAAG,CAAC;IAE9C,0BAA0B;IAC1B,IAAI,CAAC,MAAM,EAAE,mBAAmB,IAAI,MAAM,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC1E,OAAO,CAAC,IAAI,CACV,+EAA+E;YAC7E,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,IAAI,CAAC,MAAM,EAAE,iBAAiB,EAAE,CAAC;QAC/B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,gBAAgB,CACxB,mDAAmD;gBACjD,uDAAuD,CAC1D,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACpE,MAAM,IAAI,gBAAgB,CACxB,sDAAsD,CACvD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,IAAI,GAAgB,EAAE,GAAG,YAAY,EAAE,CAAC;IAC9C,OAAQ,IAAgC,CAAC,GAAG,CAAC;IAC7C,OAAQ,IAAgC,CAAC,MAAM,CAAC;IAChD,OAAQ,IAAgC,CAAC,UAAU,CAAC;IAEpD,wBAAwB;IACxB,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEtD,8BAA8B;IAC9B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,QAAiC,CAAC;IAC3C,CAAC;IAED,6DAA6D;IAC7D,MAAM,qBAAqB,GACzB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACxC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAE3C,mCAAmC;IACnC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,OAAO,QAAiC,CAAC;IAC3C,CAAC;IAED,yEAAyE;IACzE,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,gBAAgB,CACxB,yEAAyE,CAC1E,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,eAAe,GAAG,2BAA2B,CAAC,qBAAqB,CAAC,CAAC;IAE3E,wDAAwD;IACxD,MAAM,QAAQ,GAAG,mBAAmB,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAE9D,uBAAuB;IACvB,IAAI,MAAM,EAAE,sBAAsB,KAAK,KAAK,EAAE,CAAC;QAC7C,MAAM,kBAAkB,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACjF,CAAC;IAED,yBAAyB;IACzB,MAAM,YAAY,GAAG,qBAAqB,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEpE,yCAAyC;IACzC,IACE,YAAY,EAAE,UAAU,KAAK,SAAS;QACtC,YAAY,GAAG,YAAY,CAAC,UAAU,EACtC,CAAC;QACD,MAAM,IAAI,gBAAgB,CACxB,mBAAmB,QAAQ,CAAC,MAAM,sBAAsB,YAAY,CAAC,UAAU,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,UAAU,GAAG,mBAAmB,CACpC,QAAQ,EACR,SAAS,EACT,MAAM,EACN,MAAM,CAAC,OAAO,CACf,CAAC;QACF,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,kBAAkB,CAAC;gBAC/B,GAAG,EAAE,MAAM;gBACX,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,IAAI,EAAE,KAAK;gBACX,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;gBACnC,SAAS;aACV,CAAC,CAAC;YACH,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAEhC,MAAM,IAAI,gBAAgB,CACxB,kCAAkC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,YAAY,EAAE,MAAM,EAAE,CAAC;QACzB,MAAM,WAAW,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE;YACrC,MAAM,EAAE,GAAG;SACZ,CAA0B,CAAC;QAC5B,WAAW,CAAC,IAAI,GAAG;YACjB,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,QAAQ,CAAC,MAAM;YAC3B,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;SACtB,CAAC;QACF,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,6CAA6C;IAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,gBAAgB,CACxB,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,EAAE,QAAQ,IAAI,CAAC,CAAC;IAE1C,MAAM,UAAU,GAAG,MAAM,4BAA4B,CAAC;QACpD,IAAI,EAAE,MAAM,CAAC,OAAO;QACpB,KAAK,EAAE,QAAQ,CAAC,KAAgB;QAChC,KAAK,EAAE,QAAQ,CAAC,KAAgB;QAChC,MAAM,EAAE,YAAY;QACpB,QAAQ;KACT,CAAC,CAAC;IAEH,uDAAuD;IACvD,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,YAAY;SAChD,kBAAkB,EAAE;SACpB,IAAI,EAAE,CAAC;IAEV,MAAM,SAAS,GAAG,IAAI,CACpB,wBAAwB,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EACxC,CAAC,EAAE,EAAE,EAAE,CAAC,6BAA6B,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,EACzD,CAAC,EAAE,EAAE,EAAE,CACL,2CAA2C,CACzC,aAEI,EACJ,EAAE,CACH,EACH,CAAC,EAAE,EAAE,EAAE,CAAC,mCAAmC,CAAC,UAAU,EAAE,EAAE,CAAC,CAC5D,CAAC;IAEF,MAAM,UAAU,GAAG,kBAAkB,CACnC,SAAqD,CACtD,CAAC;IAEF,qCAAqC;IACrC,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAE3D,0DAA0D;IAC1D,2EAA2E;IAC3E,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QACpC,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;gBAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACxE,aAAa,GAAG,gBAAgB,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wDAAwD;IAC1D,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,4BAA4B,CAAC;QAClD,WAAW,EAAE,CAAC;QACd,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,EAAE,WAAW,EAAE,UAAU,EAAE;KACrC,CAAC,CAAC;IAEH,+CAA+C;IAC/C,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAiC,CAAC,CAAC;IACzE,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAC;IAEtD,IAAI,aAAa,GAAG,CAAC,MAAM,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE;QAClD,GAAG,IAAI;QACP,OAAO,EAAE,YAAY;KACtB,CAAC,CAA0B,CAAC;IAE7B,KACE,IAAI,OAAO,GAAG,CAAC,EACf,OAAO,GAAG,UAAU;QACpB,CAAC,CAAC,aAAa,CAAC,MAAM,IAAI,GAAG,IAAI,aAAa,CAAC,MAAM,GAAG,GAAG,CAAC,EAC5D,OAAO,EAAE,EACT,CAAC;QACD,aAAa,GAAG,CAAC,MAAM,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE;YAC9C,GAAG,IAAI;YACP,OAAO,EAAE,YAAY;SACtB,CAAC,CAA0B,CAAC;IAC/B,CAAC;IAED,wCAAwC;IACxC,MAAM,qBAAqB,GACzB,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAC7C,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAEhD,IAAI,UAAsC,CAAC;IAC3C,IAAI,qBAAqB,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,UAAU,GAAG,2BAA2B,CAAC,qBAAqB,CAAC,CAAC;YAChE,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC1D,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0CAA0C;QAC5C,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,IACE,aAAa;QACb,UAAU,EAAE,WAAW;QACvB,UAAU,CAAC,WAAW,KAAK,aAAa,EACxC,CAAC;QACD,gBAAgB,CACd,MAAM,EACN,kBAAkB,CAAC;YACjB,GAAG,EAAE,MAAM;YACX,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,IAAI;YACV,YAAY,EAAE,2CAA2C,aAAa,SAAS,UAAU,CAAC,WAAW,EAAE;YACvG,SAAS;SACV,CAAC,CACH,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;QACrB,IAAI,MAAM,EAAE,sBAAsB,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,kBAAkB,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3E,CAAC;QACD,mBAAmB,CAAC,YAAY,CAAC,CAAC;QAElC,sCAAsC;QACtC,6BAA6B;QAC7B,mDAAmD;QACnD,0EAA0E;QAC1E,qDAAqD;QACrD,IAAI,iBAAiB,GAAG,IAAI,CAAC;QAC7B,IACE,MAAM,EAAE,cAAc,KAAK,KAAK;YAChC,UAAU,EAAE,WAAW;YACvB,YAAY,EACZ,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,EAAE,uBAAuB,IAAI,MAAM,CAAC;YAC1D,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,YAAY,EAAE,UAAU,CAAC,WAAW,EAAE,OAAO,CAC9C,CAAC;YACF,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,iBAAiB,GAAG,KAAK,CAAC;gBAC1B,OAAO,CAAC,IAAI,CACV,qBAAqB,UAAU,CAAC,WAAW,uCAAuC,CACnF,CAAC;YACJ,CAAC;iBAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CACV,qBAAqB,UAAU,CAAC,WAAW,yBAAyB,OAAO,yCAAyC,CACrH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,SAAS,IAAI,iBAAiB,EAAE,CAAC;YACnC,eAAe,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAG,kBAAkB,CAAC;YAC/B,GAAG,EAAE,MAAM;YACX,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,IAAI;YACV,UAAU;YACV,SAAS;YACT,KAAK,EAAE,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;SACtE,CAAC,CAAC;QACH,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEhC,aAAa,CAAC,IAAI,GAAG;YACnB,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,QAAQ,CAAC,MAAM;YAC3B,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,UAAU;SACX,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,kBAAkB,CAAC;YACnC,GAAG,EAAE,MAAM;YACX,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,mBAAmB,aAAa,CAAC,MAAM,wBAAwB;YAC7E,SAAS;SACV,CAAC,CAAC;QACH,gBAAgB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpC,aAAa,CAAC,IAAI,GAAG;YACnB,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,QAAQ,CAAC,MAAM;YAC3B,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,UAAU;SACX,CAAC;IACJ,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAyB,EACzB,MAAmB,EACnB,SAA2B,EAC3B,GAAuB;IAKvB,OAAO,CAAC,GAAiB,EAAE,IAA2B,EAAE,EAAE,CACxD,aAAa,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,+EAA+E;AAE/E,SAAS,yBAAyB,CAAC,OAA+B;IAChE,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,IAAI,OAAO,YAAY,OAAO,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,GAAG,GAAG,OAAiC,CAAC;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAAC,CAAC;AAC/E,CAAC"}

package/dist/x402/transfer-builder.d.ts

@@ -0,0 +1,43 @@
+/**
+ * x402 Transfer Builder — Kit-native
+ *
+ * Builds SPL TransferChecked instructions from raw bytes.
+ * Zero dependency on @solana-program/token — the instruction is 10 bytes
+ * of data + 4 accounts, trivial to encode directly.
+ */
+import type { Address, Instruction } from "@solana/kit";
+import type { InspectableInstruction } from "../inspector.js";
+export declare const TOKEN_PROGRAM_ID: Address;
+export declare const ATA_PROGRAM_ID: Address;
+/**
+ * Derive an Associated Token Account address.
+ * Seeds: [owner, TOKEN_PROGRAM_ID, mint]
+ */
+export declare function deriveAta(owner: Address, mint: Address): Promise<Address>;
+/**
+ * Build an SPL TransferChecked instruction for an x402 payment.
+ *
+ * Instruction data layout:
+ *   [0]: 12 (TransferChecked discriminator)
+ *   [1-8]: amount as u64 LE
+ *   [9]: decimals
+ *
+ * Accounts:
+ *   0: source ATA (writable)
+ *   1: mint (readonly)
+ *   2: destination ATA (writable)
+ *   3: authority/owner (signer)
+ */
+export declare function buildX402TransferInstruction(params: {
+    from: Address;
+    payTo: Address;
+    asset: Address;
+    amount: bigint;
+    decimals: number;
+}): Promise<Instruction>;
+/**
+ * Convert a built transfer instruction to an InspectableInstruction
+ * for Shield policy evaluation.
+ */
+export declare function transferToInspectable(ix: Instruction): InspectableInstruction;
+//# sourceMappingURL=transfer-builder.d.ts.map

package/dist/x402/transfer-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer-builder.d.ts","sourceRoot":"","sources":["../../src/x402/transfer-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAI9D,eAAO,MAAM,gBAAgB,EACsB,OAAO,CAAC;AAC3D,eAAO,MAAM,cAAc,EACyB,OAAO,CAAC;AAO5D;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,OAAO,GACZ,OAAO,CAAC,OAAO,CAAC,CAalB;AAkBD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,4BAA4B,CAAC,MAAM,EAAE;IACzD,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,OAAO,CAAC,WAAW,CAAC,CA0BvB;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,WAAW,GAAG,sBAAsB,CAM7E"}