@wtflabs/x402 0.0.1-beta.4 → 0.0.1-beta.5

package/dist/cjs/{middleware-Brgsx32F.d.ts → middleware-nzDe-TDJ.d.ts}

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { N as Network } from './network-FrFmmiyj.js';
 import { E as EvmSigner } from './wallet-SJKJpUgQ.js';
-import { a as PaymentPayload, P as PaymentRequirements, J as VerifyResponse, S as SettleResponse, X as SupportedPaymentKindsResponse, M as ListDiscoveryResourcesRequest, O as ListDiscoveryResourcesResponse, z as HTTPRequestStructure } from './x402Specs-CYq5tSY1.js';
+import { a as PaymentPayload, P as PaymentRequirements, J as VerifyResponse, S as SettleResponse, X as SupportedPaymentKindsResponse, M as ListDiscoveryResourcesRequest, O as ListDiscoveryResourcesResponse, z as HTTPRequestStructure } from './x402Specs-BtRXj67U.js';
 
 declare const moneySchema: z.ZodPipeline<z.ZodUnion<[z.ZodEffects<z.ZodString, string, string>, z.ZodNumber]>, z.ZodNumber>;
 type Money = z.input<typeof moneySchema>;

package/dist/cjs/paywall/index.d.ts

@@ -1,4 +1,4 @@
-import { P as PaymentRequirements } from '../x402Specs-CYq5tSY1.js';
+import { P as PaymentRequirements } from '../x402Specs-BtRXj67U.js';
 import 'zod';
 
 interface PaywallOptions {

package/dist/cjs/schemes/index.d.ts

@@ -1,6 +1,6 @@
 import { Address, Transport, Chain, LocalAccount, Hex, Account } from 'viem';
 import { S as SignerWallet, C as ConnectedClient } from '../wallet-SJKJpUgQ.js';
-import { P as PaymentRequirements, p as UnsignedEip3009PaymentPayload, o as Eip3009PaymentPayload, e as ExactEvmPayloadAuthorization, J as VerifyResponse, S as SettleResponse, r as UnsignedPermitPaymentPayload, q as PermitPaymentPayload, g as PermitEvmPayloadAuthorization, u as UnsignedPermit2PaymentPayload, t as Permit2PaymentPayload, i as Permit2EvmPayloadAuthorization, a as PaymentPayload, b as ErrorReasons, E as ExactSvmPayload } from '../x402Specs-CYq5tSY1.js';
+import { P as PaymentRequirements, p as UnsignedEip3009PaymentPayload, o as Eip3009PaymentPayload, e as ExactEvmPayloadAuthorization, J as VerifyResponse, S as SettleResponse, r as UnsignedPermitPaymentPayload, q as PermitPaymentPayload, g as PermitEvmPayloadAuthorization, u as UnsignedPermit2PaymentPayload, t as Permit2PaymentPayload, i as Permit2EvmPayloadAuthorization, a as PaymentPayload, b as ErrorReasons, E as ExactSvmPayload } from '../x402Specs-BtRXj67U.js';
 import { X as X402Config } from '../config-Dfuvno71.js';
 import { KeyPairSigner, signTransaction, RpcDevnet, SolanaRpcApiDevnet, RpcMainnet, SolanaRpcApiMainnet, SendTransactionApi, CompilableTransactionMessage, Instruction, AccountLookupMeta, AccountMeta } from '@solana/kit';
 import { b as getRpcSubscriptions } from '../rpc-BMvnNNHd.js';
@@ -204,17 +204,23 @@ declare namespace index$4 {
 }
 
 /**
- * Prepares an unsigned Permit2 payment header
+ * Prepares an unsigned Permit2 payment header with witness support
+ *
+ * By default, this function enables witness mode which binds the recipient address
+ * to the signature, preventing the facilitator from changing the payment destination.
  *
  * @param from - The token owner's address
  * @param x402Version - The version of the X402 protocol to use
  * @param paymentRequirements - The payment requirements containing scheme and network information
- * @returns An unsigned Permit2 payment payload containing permit2 authorization details
+ * @returns An unsigned Permit2 payment payload containing permit2 authorization details with witness
  */
 declare function preparePaymentHeader(from: Address, x402Version: number, paymentRequirements: PaymentRequirements): UnsignedPermit2PaymentPayload;
 /**
  * Signs a Permit2 payment header using the provided client and payment requirements.
  *
+ * Supports both witness and non-witness modes based on the presence of the `to` field
+ * in the unsigned payment header.
+ *
  * @param client - The signer wallet instance used to sign the permit2
  * @param paymentRequirements - The payment requirements containing scheme and network information
  * @param unsignedPaymentHeader - The unsigned Permit2 payment payload to be signed
@@ -241,7 +247,11 @@ declare function createPayment<transport extends Transport, chain extends Chain>
 declare function createPaymentHeader$1(client: SignerWallet | LocalAccount, x402Version: number, paymentRequirements: PaymentRequirements): Promise<string>;
 
 /**
- * Signs a Permit2 PermitTransferFrom authorization
+ * Signs a Permit2 authorization (PermitTransferFrom or PermitWitnessTransferFrom)
+ *
+ * Automatically detects witness mode based on the presence of the `to` field.
+ * - If `to` is provided: Uses PermitWitnessTransferFrom (binds recipient to signature)
+ * - If `to` is omitted: Uses PermitTransferFrom (legacy mode)
  *
  * @param walletClient - The wallet client that will sign the permit
  * @param params - The permit2 parameters
@@ -250,11 +260,12 @@ declare function createPaymentHeader$1(client: SignerWallet | LocalAccount, x402
  * @param params.token - The address of the token to transfer
  * @param params.amount - The amount of tokens to transfer (in base units)
  * @param params.deadline - Unix timestamp after which the permit is no longer valid
+ * @param params.to - Optional recipient address for witness mode
  * @param paymentRequirements - The payment requirements containing network information
  * @param paymentRequirements.network - The network where the token exists
  * @returns The signature and nonce for the permit2
  */
-declare function signPermit2<transport extends Transport, chain extends Chain>(walletClient: SignerWallet<chain, transport> | LocalAccount, { owner, spender, token, amount, deadline }: Omit<Permit2EvmPayloadAuthorization, "nonce">, { network }: PaymentRequirements): Promise<{
+declare function signPermit2<transport extends Transport, chain extends Chain>(walletClient: SignerWallet<chain, transport> | LocalAccount, { owner, spender, token, amount, deadline, to }: Omit<Permit2EvmPayloadAuthorization, "nonce">, { network }: PaymentRequirements): Promise<{
     signature: Hex;
     nonce: string;
 }>;
@@ -269,7 +280,11 @@ declare function signPermit2<transport extends Transport, chain extends Chain>(w
 declare function createPermit2Nonce<transport extends Transport, chain extends Chain>(walletClient: SignerWallet<chain, transport> | LocalAccount, ownerAddress: `0x${string}`): Promise<bigint>;
 
 /**
- * Verifies a Permit2 payment payload
+ * Verifies a Permit2 payment payload (with or without witness)
+ *
+ * Supports both witness and non-witness modes:
+ * - Witness mode: Verifies that the recipient address is bound to the signature
+ * - Non-witness mode: Uses standard PermitTransferFrom verification
  *
  * @param client - The public client used for blockchain interactions
  * @param payload - The signed payment payload containing permit2 parameters and signature
@@ -278,7 +293,10 @@ declare function createPermit2Nonce<transport extends Transport, chain extends C
  */
 declare function verify$2<transport extends Transport, chain extends Chain, account extends Account | undefined>(client: ConnectedClient<transport, chain, account>, payload: Permit2PaymentPayload, paymentRequirements: PaymentRequirements): Promise<VerifyResponse>;
 /**
- * Settles a Permit2 payment by calling permitTransferFrom()
+ * Settles a Permit2 payment by calling permitTransferFrom() or permitWitnessTransferFrom()
+ *
+ * Automatically selects the appropriate function based on whether the payment includes
+ * a witness (recipient address binding).
  *
  * @param wallet - The facilitator wallet that will execute the permit transfer
  * @param paymentPayload - The signed payment payload containing permit2 parameters and signature

package/dist/cjs/schemes/index.js

@@ -357,6 +357,21 @@ var permit2Types = {
     { name: "amount", type: "uint256" }
   ]
 };
+var permit2WitnessTypes = {
+  PermitWitnessTransferFrom: [
+    { name: "permitted", type: "TokenPermissions" },
+    { name: "spender", type: "address" },
+    { name: "nonce", type: "uint256" },
+    { name: "deadline", type: "uint256" },
+    { name: "witness", type: "Witness" }
+  ],
+  TokenPermissions: [
+    { name: "token", type: "address" },
+    { name: "amount", type: "uint256" }
+  ],
+  Witness: [{ name: "to", type: "address" }]
+};
+var WITNESS_TYPE_STRING = "Witness(address to)";
 var permit2ABI = [
   {
     inputs: [
@@ -426,6 +441,45 @@ var permit2ABI = [
     outputs: [{ internalType: "uint256", name: "", type: "uint256" }],
     stateMutability: "view",
     type: "function"
+  },
+  {
+    inputs: [
+      {
+        components: [
+          {
+            components: [
+              { internalType: "address", name: "token", type: "address" },
+              { internalType: "uint256", name: "amount", type: "uint256" }
+            ],
+            internalType: "struct ISignatureTransfer.TokenPermissions",
+            name: "permitted",
+            type: "tuple"
+          },
+          { internalType: "uint256", name: "nonce", type: "uint256" },
+          { internalType: "uint256", name: "deadline", type: "uint256" }
+        ],
+        internalType: "struct ISignatureTransfer.PermitTransferFrom",
+        name: "permit",
+        type: "tuple"
+      },
+      {
+        components: [
+          { internalType: "address", name: "to", type: "address" },
+          { internalType: "uint256", name: "requestedAmount", type: "uint256" }
+        ],
+        internalType: "struct ISignatureTransfer.SignatureTransferDetails",
+        name: "transferDetails",
+        type: "tuple"
+      },
+      { internalType: "address", name: "owner", type: "address" },
+      { internalType: "bytes32", name: "witness", type: "bytes32" },
+      { internalType: "string", name: "witnessTypeString", type: "string" },
+      { internalType: "bytes", name: "signature", type: "bytes" }
+    ],
+    name: "permitWitnessTransferFrom",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
   }
 ];
 
@@ -1243,6 +1297,8 @@ var ErrorReasons = [
   "invalid_authorization_type",
   "invalid_permit_signature",
   "invalid_permit2_signature",
+  "invalid_permit2_witness_signature",
+  "witness_recipient_mismatch",
   "permit_expired",
   "permit2_expired",
   "permit2_not_approved",
@@ -1250,6 +1306,7 @@ var ErrorReasons = [
   "invalid_spender_address",
   "token_mismatch",
   "insufficient_payment_amount",
+  "insufficient_token_balance",
   "transaction_failed",
   "settlement_failed"
 ];
@@ -1292,7 +1349,9 @@ var Permit2EvmPayloadAuthorizationSchema = import_zod3.z.object({
   token: import_zod3.z.string().regex(EvmAddressRegex),
   amount: import_zod3.z.string().refine(isInteger).refine(hasMaxLength(EvmMaxAtomicUnits)),
   deadline: import_zod3.z.string().refine(isInteger),
-  nonce: import_zod3.z.string().refine(isInteger)
+  nonce: import_zod3.z.string().refine(isInteger),
+  to: import_zod3.z.string().regex(EvmAddressRegex).optional()
+  // Witness: binds recipient address to signature
 });
 var ExactEvmPayloadSchema = import_zod3.z.discriminatedUnion("authorizationType", [
   import_zod3.z.object({
@@ -2041,11 +2100,41 @@ async function verify3(client, payload, paymentRequirements) {
     };
   }
   const permit2Payload = payload.payload;
-  const { owner, spender, token, amount, deadline, nonce } = permit2Payload.authorization;
+  const { owner, spender, token, amount, deadline, nonce, to } = permit2Payload.authorization;
   const chainId = getNetworkId(payload.network);
   const tokenAddress = (0, import_viem5.getAddress)(token);
   const ownerAddress = (0, import_viem5.getAddress)(owner);
-  const permit2TypedData = {
+  const hasWitness = !!to;
+  if (hasWitness) {
+    if ((0, import_viem5.getAddress)(to) !== (0, import_viem5.getAddress)(paymentRequirements.payTo)) {
+      return {
+        isValid: false,
+        invalidReason: "witness_recipient_mismatch",
+        payer: owner
+      };
+    }
+  }
+  const permit2TypedData = hasWitness ? {
+    types: permit2WitnessTypes,
+    domain: {
+      name: "Permit2",
+      chainId,
+      verifyingContract: PERMIT2_ADDRESS
+    },
+    primaryType: "PermitWitnessTransferFrom",
+    message: {
+      permitted: {
+        token: tokenAddress,
+        amount
+      },
+      spender: (0, import_viem5.getAddress)(spender),
+      nonce,
+      deadline,
+      witness: {
+        to: (0, import_viem5.getAddress)(to)
+      }
+    }
+  } : {
     types: permit2Types,
     domain: {
       name: "Permit2",
@@ -2071,7 +2160,7 @@ async function verify3(client, payload, paymentRequirements) {
   if (!recoveredAddress) {
     return {
       isValid: false,
-      invalidReason: "invalid_permit2_signature",
+      invalidReason: hasWitness ? "invalid_permit2_witness_signature" : "invalid_permit2_signature",
       payer: owner
     };
   }
@@ -2146,10 +2235,34 @@ async function settle3(wallet, paymentPayload, paymentRequirements) {
       payer: permit2Payload.authorization.owner
     };
   }
-  const { owner, token, amount, deadline, nonce } = permit2Payload.authorization;
+  const { owner, token, amount, deadline, nonce, to } = permit2Payload.authorization;
   const tokenAddress = (0, import_viem5.getAddress)(token);
   const ownerAddress = (0, import_viem5.getAddress)(owner);
-  const tx = await wallet.writeContract({
+  const hasWitness = !!to;
+  const tx = hasWitness ? await wallet.writeContract({
+    address: PERMIT2_ADDRESS,
+    abi: permit2ABI,
+    functionName: "permitWitnessTransferFrom",
+    args: [
+      {
+        permitted: {
+          token: tokenAddress,
+          amount: BigInt(amount)
+        },
+        nonce: BigInt(nonce),
+        deadline: BigInt(deadline)
+      },
+      {
+        to: paymentRequirements.payTo,
+        requestedAmount: BigInt(amount)
+      },
+      ownerAddress,
+      (0, import_viem5.keccak256)((0, import_viem5.encodeAbiParameters)([{ type: "address", name: "to" }], [(0, import_viem5.getAddress)(to)])),
+      WITNESS_TYPE_STRING,
+      permit2Payload.signature
+    ],
+    chain: wallet.chain
+  }) : await wallet.writeContract({
     address: PERMIT2_ADDRESS,
     abi: permit2ABI,
     functionName: "permitTransferFrom",
@@ -2393,7 +2506,7 @@ function preparePaymentHeader2(from, x402Version, paymentRequirements) {
       signature: void 0,
       authorization: {
         owner: from,
-        spender: paymentRequirements.extra?.feePayer,
+        spender: paymentRequirements.extra?.relayer,
         value: paymentRequirements.maxAmountRequired,
         deadline
       }
@@ -2447,13 +2560,34 @@ __export(permit2_exports, {
 
 // src/schemes/exact/evm/permit2/sign.ts
 var import_viem7 = require("viem");
-async function signPermit2(walletClient, { owner, spender, token, amount, deadline }, { network }) {
+async function signPermit2(walletClient, { owner, spender, token, amount, deadline, to }, { network }) {
   const chainId = getNetworkId(network);
   const tokenAddress = (0, import_viem7.getAddress)(token);
   const ownerAddress = (0, import_viem7.getAddress)(owner);
   const spenderAddress = (0, import_viem7.getAddress)(spender);
   const nonce = await createPermit2Nonce(walletClient, ownerAddress);
-  const data = {
+  const hasWitness = !!to;
+  const data = hasWitness ? {
+    types: permit2WitnessTypes,
+    domain: {
+      name: "Permit2",
+      chainId,
+      verifyingContract: PERMIT2_ADDRESS
+    },
+    primaryType: "PermitWitnessTransferFrom",
+    message: {
+      permitted: {
+        token: tokenAddress,
+        amount: BigInt(amount)
+      },
+      spender: spenderAddress,
+      nonce,
+      deadline: BigInt(deadline),
+      witness: {
+        to: (0, import_viem7.getAddress)(to)
+      }
+    }
+  } : {
     types: permit2Types,
     domain: {
       name: "Permit2",
@@ -2531,16 +2665,18 @@ function preparePaymentHeader3(from, x402Version, paymentRequirements) {
         spender: paymentRequirements.payTo,
         token: paymentRequirements.asset,
         amount: paymentRequirements.maxAmountRequired,
-        deadline
+        deadline,
+        to: paymentRequirements.payTo
+        // Witness: bind recipient to signature
       }
     }
   };
 }
 async function signPaymentHeader3(client, paymentRequirements, unsignedPaymentHeader) {
-  const { owner, spender, token, amount, deadline } = unsignedPaymentHeader.payload.authorization;
+  const { owner, spender, token, amount, deadline, to } = unsignedPaymentHeader.payload.authorization;
   const { signature, nonce } = await signPermit2(
     client,
-    { owner, spender, token, amount, deadline },
+    { owner, spender, token, amount, deadline, to },
     paymentRequirements
   );
   return {
@@ -2554,7 +2690,9 @@ async function signPaymentHeader3(client, paymentRequirements, unsignedPaymentHe
         token,
         amount,
         deadline,
-        nonce
+        nonce,
+        ...to ? { to } : {}
+        // Include `to` field if present (witness mode)
       }
     }
   };