npm - @wtflabs/x402 - Versions diffs - 0.0.1-beta.3 → 0.0.1-beta.5 - Mend

@wtflabs/x402 0.0.1-beta.3 → 0.0.1-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/cjs/client/index.d.ts +1 -1
package/dist/cjs/client/index.js +6 -1
package/dist/cjs/client/index.js.map +1 -1
package/dist/cjs/facilitator/index.d.ts +1 -1
package/dist/cjs/facilitator/index.js +119 -6
package/dist/cjs/facilitator/index.js.map +1 -1
package/dist/cjs/index.d.ts +1 -1
package/dist/cjs/index.js +119 -6
package/dist/cjs/index.js.map +1 -1
package/dist/cjs/{middleware-Brgsx32F.d.ts → middleware-nzDe-TDJ.d.ts} +1 -1
package/dist/cjs/paywall/index.d.ts +1 -1
package/dist/cjs/schemes/index.d.ts +25 -7
package/dist/cjs/schemes/index.js +151 -13
package/dist/cjs/schemes/index.js.map +1 -1
package/dist/cjs/shared/index.d.ts +2 -2
package/dist/cjs/shared/index.js +6 -1
package/dist/cjs/shared/index.js.map +1 -1
package/dist/cjs/types/index.d.ts +93 -4
package/dist/cjs/types/index.js +64 -1
package/dist/cjs/types/index.js.map +1 -1
package/dist/cjs/verify/index.d.ts +2 -2
package/dist/cjs/verify/index.js +6 -1
package/dist/cjs/verify/index.js.map +1 -1
package/dist/{esm/x402Specs-CYq5tSY1.d.mts → cjs/x402Specs-BtRXj67U.d.ts} +43 -10
package/dist/esm/{chunk-RX2JKK4O.mjs → chunk-J3FMDNC3.mjs} +2 -2
package/dist/esm/{chunk-34YNR4LY.mjs → chunk-K5SAFQCZ.mjs} +3 -3
package/dist/esm/{chunk-UCBE7FDY.mjs → chunk-NPWDNT2P.mjs} +67 -2
package/dist/esm/chunk-NPWDNT2P.mjs.map +1 -0
package/dist/esm/{chunk-ZEZOGZ3K.mjs → chunk-TAYXZJPR.mjs} +101 -16
package/dist/esm/chunk-TAYXZJPR.mjs.map +1 -0
package/dist/esm/{chunk-CJV3GAPG.mjs → chunk-URGZOTVQ.mjs} +3 -3
package/dist/esm/client/index.d.mts +1 -1
package/dist/esm/client/index.mjs +3 -3
package/dist/esm/facilitator/index.d.mts +1 -1
package/dist/esm/facilitator/index.mjs +4 -4
package/dist/esm/index.d.mts +1 -1
package/dist/esm/index.mjs +5 -5
package/dist/esm/{middleware-BSjsPDKM.d.mts → middleware-DSDucaQ5.d.mts} +1 -1
package/dist/esm/paywall/index.d.mts +1 -1
package/dist/esm/schemes/index.d.mts +25 -7
package/dist/esm/schemes/index.mjs +3 -3
package/dist/esm/shared/index.d.mts +2 -2
package/dist/esm/shared/index.mjs +1 -1
package/dist/esm/types/index.d.mts +93 -4
package/dist/esm/types/index.mjs +1 -1
package/dist/esm/verify/index.d.mts +2 -2
package/dist/esm/verify/index.mjs +1 -1
package/dist/{cjs/x402Specs-CYq5tSY1.d.ts → esm/x402Specs-BtRXj67U.d.mts} +43 -10
package/package.json +15 -15
package/dist/cjs/middleware-6_1ApcJn.d.ts +0 -93
package/dist/cjs/middleware-B_ewwsQp.d.ts +0 -93
package/dist/cjs/middleware-BwfW7mAs.d.ts +0 -93
package/dist/cjs/middleware-CQb61c1k.d.ts +0 -93
package/dist/cjs/middleware-DB9lqy9f.d.ts +0 -93
package/dist/cjs/middleware-DcHctwQV.d.ts +0 -93
package/dist/cjs/middleware-De0jD3Bp.d.ts +0 -93
package/dist/cjs/middleware-HoFOmpgv.d.ts +0 -93
package/dist/cjs/middleware-Y8AiAfYw.d.ts +0 -93
package/dist/cjs/middleware-pnres9YM.d.ts +0 -93
package/dist/cjs/network-RtNddYQk.d.ts +0 -11
package/dist/cjs/rpc-Ca8eHCWz.d.ts +0 -35
package/dist/cjs/wallet-BRWfOM5D.d.ts +0 -153
package/dist/cjs/wallet-BYRAGtOB.d.ts +0 -153
package/dist/cjs/wallet-BmEtlgEf.d.ts +0 -48
package/dist/cjs/wallet-CNOAmyZ6.d.ts +0 -48
package/dist/cjs/wallet-D1SoxFTw.d.ts +0 -48
package/dist/cjs/wallet-SJ-hbjm9.d.ts +0 -153
package/dist/cjs/wallet-ecnda4Aj.d.ts +0 -48
package/dist/cjs/wallet-gP8Qoi-c.d.ts +0 -74
package/dist/cjs/x402Specs-B7InXo2L.d.ts +0 -1065
package/dist/cjs/x402Specs-BLH3j34O.d.ts +0 -1696
package/dist/cjs/x402Specs-C7LipAZg.d.ts +0 -1715
package/dist/cjs/x402Specs-CeajqonG.d.ts +0 -1696
package/dist/cjs/x402Specs-qMujgEV5.d.ts +0 -1715
package/dist/cjs/x402Specs-qUBCpcuz.d.ts +0 -1715
package/dist/esm/chunk-UCBE7FDY.mjs.map +0 -1
package/dist/esm/chunk-ZEZOGZ3K.mjs.map +0 -1
/package/dist/esm/{chunk-RX2JKK4O.mjs.map → chunk-J3FMDNC3.mjs.map} +0 -0
/package/dist/esm/{chunk-34YNR4LY.mjs.map → chunk-K5SAFQCZ.mjs.map} +0 -0
/package/dist/esm/{chunk-CJV3GAPG.mjs.map → chunk-URGZOTVQ.mjs.map} +0 -0

package/dist/cjs/{middleware-Brgsx32F.d.ts → middleware-nzDe-TDJ.d.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { N as Network } from './network-FrFmmiyj.js';
 import { E as EvmSigner } from './wallet-SJKJpUgQ.js';
-import { a as PaymentPayload, P as PaymentRequirements, J as VerifyResponse, S as SettleResponse, X as SupportedPaymentKindsResponse, M as ListDiscoveryResourcesRequest, O as ListDiscoveryResourcesResponse, z as HTTPRequestStructure } from './x402Specs-CYq5tSY1.js';
+import { a as PaymentPayload, P as PaymentRequirements, J as VerifyResponse, S as SettleResponse, X as SupportedPaymentKindsResponse, M as ListDiscoveryResourcesRequest, O as ListDiscoveryResourcesResponse, z as HTTPRequestStructure } from './x402Specs-BtRXj67U.js';
 declare const moneySchema: z.ZodPipeline<z.ZodUnion<[z.ZodEffects<z.ZodString, string, string>, z.ZodNumber]>, z.ZodNumber>;
 type Money = z.input<typeof moneySchema>;

package/dist/cjs/paywall/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { P as PaymentRequirements } from '../x402Specs-CYq5tSY1.js';
+import { P as PaymentRequirements } from '../x402Specs-BtRXj67U.js';
 import 'zod';
 interface PaywallOptions {

package/dist/cjs/schemes/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Address, Transport, Chain, LocalAccount, Hex, Account } from 'viem';
 import { S as SignerWallet, C as ConnectedClient } from '../wallet-SJKJpUgQ.js';
-import { P as PaymentRequirements, p as UnsignedEip3009PaymentPayload, o as Eip3009PaymentPayload, e as ExactEvmPayloadAuthorization, J as VerifyResponse, S as SettleResponse, r as UnsignedPermitPaymentPayload, q as PermitPaymentPayload, g as PermitEvmPayloadAuthorization, u as UnsignedPermit2PaymentPayload, t as Permit2PaymentPayload, i as Permit2EvmPayloadAuthorization, a as PaymentPayload, b as ErrorReasons, E as ExactSvmPayload } from '../x402Specs-CYq5tSY1.js';
+import { P as PaymentRequirements, p as UnsignedEip3009PaymentPayload, o as Eip3009PaymentPayload, e as ExactEvmPayloadAuthorization, J as VerifyResponse, S as SettleResponse, r as UnsignedPermitPaymentPayload, q as PermitPaymentPayload, g as PermitEvmPayloadAuthorization, u as UnsignedPermit2PaymentPayload, t as Permit2PaymentPayload, i as Permit2EvmPayloadAuthorization, a as PaymentPayload, b as ErrorReasons, E as ExactSvmPayload } from '../x402Specs-BtRXj67U.js';
 import { X as X402Config } from '../config-Dfuvno71.js';
 import { KeyPairSigner, signTransaction, RpcDevnet, SolanaRpcApiDevnet, RpcMainnet, SolanaRpcApiMainnet, SendTransactionApi, CompilableTransactionMessage, Instruction, AccountLookupMeta, AccountMeta } from '@solana/kit';
 import { b as getRpcSubscriptions } from '../rpc-BMvnNNHd.js';
@@ -204,17 +204,23 @@ declare namespace index$4 {
 }
 /**
- * Prepares an unsigned Permit2 payment header
+ * Prepares an unsigned Permit2 payment header with witness support
+ *
+ * By default, this function enables witness mode which binds the recipient address
+ * to the signature, preventing the facilitator from changing the payment destination.
  *
  * @param from - The token owner's address
  * @param x402Version - The version of the X402 protocol to use
  * @param paymentRequirements - The payment requirements containing scheme and network information
- * @returns An unsigned Permit2 payment payload containing permit2 authorization details
+ * @returns An unsigned Permit2 payment payload containing permit2 authorization details with witness
  */
 declare function preparePaymentHeader(from: Address, x402Version: number, paymentRequirements: PaymentRequirements): UnsignedPermit2PaymentPayload;
 /**
  * Signs a Permit2 payment header using the provided client and payment requirements.
  *
+ * Supports both witness and non-witness modes based on the presence of the `to` field
+ * in the unsigned payment header.
+ *
  * @param client - The signer wallet instance used to sign the permit2
  * @param paymentRequirements - The payment requirements containing scheme and network information
  * @param unsignedPaymentHeader - The unsigned Permit2 payment payload to be signed
@@ -241,7 +247,11 @@ declare function createPayment<transport extends Transport, chain extends Chain>
 declare function createPaymentHeader$1(client: SignerWallet | LocalAccount, x402Version: number, paymentRequirements: PaymentRequirements): Promise<string>;
 /**
- * Signs a Permit2 PermitTransferFrom authorization
+ * Signs a Permit2 authorization (PermitTransferFrom or PermitWitnessTransferFrom)
+ *
+ * Automatically detects witness mode based on the presence of the `to` field.
+ * - If `to` is provided: Uses PermitWitnessTransferFrom (binds recipient to signature)
+ * - If `to` is omitted: Uses PermitTransferFrom (legacy mode)
  *
  * @param walletClient - The wallet client that will sign the permit
  * @param params - The permit2 parameters
@@ -250,11 +260,12 @@ declare function createPaymentHeader$1(client: SignerWallet | LocalAccount, x402
  * @param params.token - The address of the token to transfer
  * @param params.amount - The amount of tokens to transfer (in base units)
  * @param params.deadline - Unix timestamp after which the permit is no longer valid
+ * @param params.to - Optional recipient address for witness mode
  * @param paymentRequirements - The payment requirements containing network information
  * @param paymentRequirements.network - The network where the token exists
  * @returns The signature and nonce for the permit2
  */
-declare function signPermit2<transport extends Transport, chain extends Chain>(walletClient: SignerWallet<chain, transport> | LocalAccount, { owner, spender, token, amount, deadline }: Omit<Permit2EvmPayloadAuthorization, "nonce">, { network }: PaymentRequirements): Promise<{
+declare function signPermit2<transport extends Transport, chain extends Chain>(walletClient: SignerWallet<chain, transport> | LocalAccount, { owner, spender, token, amount, deadline, to }: Omit<Permit2EvmPayloadAuthorization, "nonce">, { network }: PaymentRequirements): Promise<{
     signature: Hex;
     nonce: string;
 }>;
@@ -269,7 +280,11 @@ declare function signPermit2<transport extends Transport, chain extends Chain>(w
 declare function createPermit2Nonce<transport extends Transport, chain extends Chain>(walletClient: SignerWallet<chain, transport> | LocalAccount, ownerAddress: `0x${string}`): Promise<bigint>;
 /**
- * Verifies a Permit2 payment payload
+ * Verifies a Permit2 payment payload (with or without witness)
+ *
+ * Supports both witness and non-witness modes:
+ * - Witness mode: Verifies that the recipient address is bound to the signature
+ * - Non-witness mode: Uses standard PermitTransferFrom verification
  *
  * @param client - The public client used for blockchain interactions
  * @param payload - The signed payment payload containing permit2 parameters and signature
@@ -278,7 +293,10 @@ declare function createPermit2Nonce<transport extends Transport, chain extends C
  */
 declare function verify$2<transport extends Transport, chain extends Chain, account extends Account | undefined>(client: ConnectedClient<transport, chain, account>, payload: Permit2PaymentPayload, paymentRequirements: PaymentRequirements): Promise<VerifyResponse>;
 /**
- * Settles a Permit2 payment by calling permitTransferFrom()
+ * Settles a Permit2 payment by calling permitTransferFrom() or permitWitnessTransferFrom()
+ *
+ * Automatically selects the appropriate function based on whether the payment includes
+ * a witness (recipient address binding).
  *
  * @param wallet - The facilitator wallet that will execute the permit transfer
  * @param paymentPayload - The signed payment payload containing permit2 parameters and signature

package/dist/cjs/schemes/index.js CHANGED Viewed

@@ -357,6 +357,21 @@ var permit2Types = {
     { name: "amount", type: "uint256" }
   ]
 };
+var permit2WitnessTypes = {
+  PermitWitnessTransferFrom: [
+    { name: "permitted", type: "TokenPermissions" },
+    { name: "spender", type: "address" },
+    { name: "nonce", type: "uint256" },
+    { name: "deadline", type: "uint256" },
+    { name: "witness", type: "Witness" }
+  ],
+  TokenPermissions: [
+    { name: "token", type: "address" },
+    { name: "amount", type: "uint256" }
+  ],
+  Witness: [{ name: "to", type: "address" }]
+};
+var WITNESS_TYPE_STRING = "Witness(address to)";
 var permit2ABI = [
   {
     inputs: [
@@ -426,6 +441,45 @@ var permit2ABI = [
     outputs: [{ internalType: "uint256", name: "", type: "uint256" }],
     stateMutability: "view",
     type: "function"
+  },
+  {
+    inputs: [
+      {
+        components: [
+          {
+            components: [
+              { internalType: "address", name: "token", type: "address" },
+              { internalType: "uint256", name: "amount", type: "uint256" }
+            ],
+            internalType: "struct ISignatureTransfer.TokenPermissions",
+            name: "permitted",
+            type: "tuple"
+          },
+          { internalType: "uint256", name: "nonce", type: "uint256" },
+          { internalType: "uint256", name: "deadline", type: "uint256" }
+        ],
+        internalType: "struct ISignatureTransfer.PermitTransferFrom",
+        name: "permit",
+        type: "tuple"
+      },
+      {
+        components: [
+          { internalType: "address", name: "to", type: "address" },
+          { internalType: "uint256", name: "requestedAmount", type: "uint256" }
+        ],
+        internalType: "struct ISignatureTransfer.SignatureTransferDetails",
+        name: "transferDetails",
+        type: "tuple"
+      },
+      { internalType: "address", name: "owner", type: "address" },
+      { internalType: "bytes32", name: "witness", type: "bytes32" },
+      { internalType: "string", name: "witnessTypeString", type: "string" },
+      { internalType: "bytes", name: "signature", type: "bytes" }
+    ],
+    name: "permitWitnessTransferFrom",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
   }
 ];
@@ -1243,6 +1297,8 @@ var ErrorReasons = [
   "invalid_authorization_type",
   "invalid_permit_signature",
   "invalid_permit2_signature",
+  "invalid_permit2_witness_signature",
+  "witness_recipient_mismatch",
   "permit_expired",
   "permit2_expired",
   "permit2_not_approved",
@@ -1250,6 +1306,7 @@ var ErrorReasons = [
   "invalid_spender_address",
   "token_mismatch",
   "insufficient_payment_amount",
+  "insufficient_token_balance",
   "transaction_failed",
   "settlement_failed"
 ];
@@ -1292,7 +1349,9 @@ var Permit2EvmPayloadAuthorizationSchema = import_zod3.z.object({
   token: import_zod3.z.string().regex(EvmAddressRegex),
   amount: import_zod3.z.string().refine(isInteger).refine(hasMaxLength(EvmMaxAtomicUnits)),
   deadline: import_zod3.z.string().refine(isInteger),
-  nonce: import_zod3.z.string().refine(isInteger)
+  nonce: import_zod3.z.string().refine(isInteger),
+  to: import_zod3.z.string().regex(EvmAddressRegex).optional()
+  // Witness: binds recipient address to signature
 });
 var ExactEvmPayloadSchema = import_zod3.z.discriminatedUnion("authorizationType", [
   import_zod3.z.object({
@@ -2041,11 +2100,41 @@ async function verify3(client, payload, paymentRequirements) {
     };
   }
   const permit2Payload = payload.payload;
-  const { owner, spender, token, amount, deadline, nonce } = permit2Payload.authorization;
+  const { owner, spender, token, amount, deadline, nonce, to } = permit2Payload.authorization;
   const chainId = getNetworkId(payload.network);
   const tokenAddress = (0, import_viem5.getAddress)(token);
   const ownerAddress = (0, import_viem5.getAddress)(owner);
-  const permit2TypedData = {
+  const hasWitness = !!to;
+  if (hasWitness) {
+    if ((0, import_viem5.getAddress)(to) !== (0, import_viem5.getAddress)(paymentRequirements.payTo)) {
+      return {
+        isValid: false,
+        invalidReason: "witness_recipient_mismatch",
+        payer: owner
+      };
+    }
+  }
+  const permit2TypedData = hasWitness ? {
+    types: permit2WitnessTypes,
+    domain: {
+      name: "Permit2",
+      chainId,
+      verifyingContract: PERMIT2_ADDRESS
+    },
+    primaryType: "PermitWitnessTransferFrom",
+    message: {
+      permitted: {
+        token: tokenAddress,
+        amount
+      },
+      spender: (0, import_viem5.getAddress)(spender),
+      nonce,
+      deadline,
+      witness: {
+        to: (0, import_viem5.getAddress)(to)
+      }
+    }
+  } : {
     types: permit2Types,
     domain: {
       name: "Permit2",
@@ -2071,7 +2160,7 @@ async function verify3(client, payload, paymentRequirements) {
   if (!recoveredAddress) {
     return {
       isValid: false,
-      invalidReason: "invalid_permit2_signature",
+      invalidReason: hasWitness ? "invalid_permit2_witness_signature" : "invalid_permit2_signature",
       payer: owner
     };
   }
@@ -2146,10 +2235,34 @@ async function settle3(wallet, paymentPayload, paymentRequirements) {
       payer: permit2Payload.authorization.owner
     };
   }
-  const { owner, token, amount, deadline, nonce } = permit2Payload.authorization;
+  const { owner, token, amount, deadline, nonce, to } = permit2Payload.authorization;
   const tokenAddress = (0, import_viem5.getAddress)(token);
   const ownerAddress = (0, import_viem5.getAddress)(owner);
-  const tx = await wallet.writeContract({
+  const hasWitness = !!to;
+  const tx = hasWitness ? await wallet.writeContract({
+    address: PERMIT2_ADDRESS,
+    abi: permit2ABI,
+    functionName: "permitWitnessTransferFrom",
+    args: [
+      {
+        permitted: {
+          token: tokenAddress,
+          amount: BigInt(amount)
+        },
+        nonce: BigInt(nonce),
+        deadline: BigInt(deadline)
+      },
+      {
+        to: paymentRequirements.payTo,
+        requestedAmount: BigInt(amount)
+      },
+      ownerAddress,
+      (0, import_viem5.keccak256)((0, import_viem5.encodeAbiParameters)([{ type: "address", name: "to" }], [(0, import_viem5.getAddress)(to)])),
+      WITNESS_TYPE_STRING,
+      permit2Payload.signature
+    ],
+    chain: wallet.chain
+  }) : await wallet.writeContract({
     address: PERMIT2_ADDRESS,
     abi: permit2ABI,
     functionName: "permitTransferFrom",
@@ -2393,7 +2506,7 @@ function preparePaymentHeader2(from, x402Version, paymentRequirements) {
       signature: void 0,
       authorization: {
         owner: from,
-        spender: paymentRequirements.payTo,
+        spender: paymentRequirements.extra?.relayer,
         value: paymentRequirements.maxAmountRequired,
         deadline
       }
@@ -2447,13 +2560,34 @@ __export(permit2_exports, {
 // src/schemes/exact/evm/permit2/sign.ts
 var import_viem7 = require("viem");
-async function signPermit2(walletClient, { owner, spender, token, amount, deadline }, { network }) {
+async function signPermit2(walletClient, { owner, spender, token, amount, deadline, to }, { network }) {
   const chainId = getNetworkId(network);
   const tokenAddress = (0, import_viem7.getAddress)(token);
   const ownerAddress = (0, import_viem7.getAddress)(owner);
   const spenderAddress = (0, import_viem7.getAddress)(spender);
   const nonce = await createPermit2Nonce(walletClient, ownerAddress);
-  const data = {
+  const hasWitness = !!to;
+  const data = hasWitness ? {
+    types: permit2WitnessTypes,
+    domain: {
+      name: "Permit2",
+      chainId,
+      verifyingContract: PERMIT2_ADDRESS
+    },
+    primaryType: "PermitWitnessTransferFrom",
+    message: {
+      permitted: {
+        token: tokenAddress,
+        amount: BigInt(amount)
+      },
+      spender: spenderAddress,
+      nonce,
+      deadline: BigInt(deadline),
+      witness: {
+        to: (0, import_viem7.getAddress)(to)
+      }
+    }
+  } : {
     types: permit2Types,
     domain: {
       name: "Permit2",
@@ -2531,16 +2665,18 @@ function preparePaymentHeader3(from, x402Version, paymentRequirements) {
         spender: paymentRequirements.payTo,
         token: paymentRequirements.asset,
         amount: paymentRequirements.maxAmountRequired,
-        deadline
+        deadline,
+        to: paymentRequirements.payTo
+        // Witness: bind recipient to signature
       }
     }
   };
 }
 async function signPaymentHeader3(client, paymentRequirements, unsignedPaymentHeader) {
-  const { owner, spender, token, amount, deadline } = unsignedPaymentHeader.payload.authorization;
+  const { owner, spender, token, amount, deadline, to } = unsignedPaymentHeader.payload.authorization;
   const { signature, nonce } = await signPermit2(
     client,
-    { owner, spender, token, amount, deadline },
+    { owner, spender, token, amount, deadline, to },
     paymentRequirements
   );
   return {
@@ -2554,7 +2690,9 @@ async function signPaymentHeader3(client, paymentRequirements, unsignedPaymentHe
         token,
         amount,
         deadline,
-        nonce
+        nonce,
+        ...to ? { to } : {}
+        // Include `to` field if present (witness mode)
       }
     }
   };