@x402/evm 2.8.0 → 2.9.0

package/dist/cjs/upto/facilitator/index.js

@@ -0,0 +1,1233 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/upto/facilitator/index.ts
+var facilitator_exports = {};
+__export(facilitator_exports, {
+  UptoEvmScheme: () => UptoEvmScheme
+});
+module.exports = __toCommonJS(facilitator_exports);
+
+// src/types.ts
+function isUptoPermit2Payload(payload) {
+  if (typeof payload.signature !== "string") return false;
+  if (!("permit2Authorization" in payload)) return false;
+  const auth = payload.permit2Authorization;
+  if (typeof auth !== "object" || auth === null) return false;
+  const a = auth;
+  if (typeof a.from !== "string") return false;
+  if (typeof a.spender !== "string") return false;
+  if (typeof a.nonce !== "string") return false;
+  if (typeof a.deadline !== "string") return false;
+  const permitted = a.permitted;
+  if (typeof permitted !== "object" || permitted === null) return false;
+  const p = permitted;
+  if (typeof p.token !== "string") return false;
+  if (typeof p.amount !== "string") return false;
+  const witness = a.witness;
+  if (typeof witness !== "object" || witness === null) return false;
+  const w = witness;
+  return typeof w.facilitator === "string" && typeof w.to === "string" && typeof w.validAfter === "string";
+}
+
+// src/exact/extensions.ts
+var EIP2612_GAS_SPONSORING_KEY = "eip2612GasSponsoring";
+var ERC20_APPROVAL_GAS_SPONSORING_KEY = "erc20ApprovalGasSponsoring";
+function _extractInfo(payload, extensionKey) {
+  const extensions = payload.extensions;
+  if (!extensions) return null;
+  const extension = extensions[extensionKey];
+  if (!extension?.info) return null;
+  return extension.info;
+}
+function extractEip2612GasSponsoringInfo(payload) {
+  const info = _extractInfo(payload, EIP2612_GAS_SPONSORING_KEY);
+  if (!info) return null;
+  if (!info.from || !info.asset || !info.spender || !info.amount || !info.nonce || !info.deadline || !info.signature || !info.version) {
+    return null;
+  }
+  return info;
+}
+function validateEip2612GasSponsoringInfo(info) {
+  const addressPattern = /^0x[a-fA-F0-9]{40}$/;
+  const numericPattern = /^[0-9]+$/;
+  const hexPattern = /^0x[a-fA-F0-9]+$/;
+  const versionPattern = /^[0-9]+(\.[0-9]+)*$/;
+  return addressPattern.test(info.from) && addressPattern.test(info.asset) && addressPattern.test(info.spender) && numericPattern.test(info.amount) && numericPattern.test(info.nonce) && numericPattern.test(info.deadline) && hexPattern.test(info.signature) && versionPattern.test(info.version);
+}
+function extractErc20ApprovalGasSponsoringInfo(payload) {
+  const info = _extractInfo(payload, ERC20_APPROVAL_GAS_SPONSORING_KEY);
+  if (!info) return null;
+  if (!info.from || !info.asset || !info.spender || !info.amount || !info.signedTransaction || !info.version) {
+    return null;
+  }
+  return info;
+}
+function validateErc20ApprovalGasSponsoringInfo(info) {
+  const addressPattern = /^0x[a-fA-F0-9]{40}$/;
+  const numericPattern = /^[0-9]+$/;
+  const hexPattern = /^0x[a-fA-F0-9]+$/;
+  const versionPattern = /^[0-9]+(\.[0-9]+)*$/;
+  return addressPattern.test(info.from) && addressPattern.test(info.asset) && addressPattern.test(info.spender) && numericPattern.test(info.amount) && hexPattern.test(info.signedTransaction) && versionPattern.test(info.version);
+}
+function resolveErc20ApprovalExtensionSigner(extension, network) {
+  if (!extension) return void 0;
+  return extension.signerForNetwork?.(network) ?? extension.signer;
+}
+
+// src/upto/facilitator/permit2.ts
+var import_viem5 = require("viem");
+
+// src/constants.ts
+var uptoPermit2WitnessTypes = {
+  PermitWitnessTransferFrom: [
+    { name: "permitted", type: "TokenPermissions" },
+    { name: "spender", type: "address" },
+    { name: "nonce", type: "uint256" },
+    { name: "deadline", type: "uint256" },
+    { name: "witness", type: "Witness" }
+  ],
+  TokenPermissions: [
+    { name: "token", type: "address" },
+    { name: "amount", type: "uint256" }
+  ],
+  Witness: [
+    { name: "to", type: "address" },
+    { name: "facilitator", type: "address" },
+    { name: "validAfter", type: "uint256" }
+  ]
+};
+var eip3009ABI = [
+  {
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "v", type: "uint8" },
+      { name: "r", type: "bytes32" },
+      { name: "s", type: "bytes32" }
+    ],
+    name: "transferWithAuthorization",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "signature", type: "bytes" }
+    ],
+    name: "transferWithAuthorization",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [{ name: "account", type: "address" }],
+    name: "balanceOf",
+    outputs: [{ name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "version",
+    outputs: [{ name: "", type: "string" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "name",
+    outputs: [{ name: "", type: "string" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "authorizer", type: "address" },
+      { name: "nonce", type: "bytes32" }
+    ],
+    name: "authorizationState",
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var erc20ApproveAbi = [
+  {
+    type: "function",
+    name: "approve",
+    inputs: [
+      { name: "spender", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    outputs: [{ type: "bool" }],
+    stateMutability: "nonpayable"
+  }
+];
+var erc20AllowanceAbi = [
+  {
+    type: "function",
+    name: "allowance",
+    inputs: [
+      { name: "owner", type: "address" },
+      { name: "spender", type: "address" }
+    ],
+    outputs: [{ type: "uint256" }],
+    stateMutability: "view"
+  }
+];
+var PERMIT2_ADDRESS = "0x000000000022D473030F116dDEE9F6B43aC78BA3";
+var x402UptoPermit2ProxyAddress = "0x4020A4f3b7b90ccA423B9fabCc0CE57C6C240002";
+var uptoPermit2WitnessABIComponents = [
+  { name: "to", type: "address", internalType: "address" },
+  { name: "facilitator", type: "address", internalType: "address" },
+  { name: "validAfter", type: "uint256", internalType: "uint256" }
+];
+var x402UptoPermit2ProxyABI = [
+  {
+    type: "function",
+    name: "PERMIT2",
+    inputs: [],
+    outputs: [{ name: "", type: "address", internalType: "contract ISignatureTransfer" }],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "WITNESS_TYPEHASH",
+    inputs: [],
+    outputs: [{ name: "", type: "bytes32", internalType: "bytes32" }],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "WITNESS_TYPE_STRING",
+    inputs: [],
+    outputs: [{ name: "", type: "string", internalType: "string" }],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "settle",
+    inputs: [
+      {
+        name: "permit",
+        type: "tuple",
+        internalType: "struct ISignatureTransfer.PermitTransferFrom",
+        components: [
+          {
+            name: "permitted",
+            type: "tuple",
+            internalType: "struct ISignatureTransfer.TokenPermissions",
+            components: [
+              { name: "token", type: "address", internalType: "address" },
+              { name: "amount", type: "uint256", internalType: "uint256" }
+            ]
+          },
+          { name: "nonce", type: "uint256", internalType: "uint256" },
+          { name: "deadline", type: "uint256", internalType: "uint256" }
+        ]
+      },
+      { name: "amount", type: "uint256", internalType: "uint256" },
+      { name: "owner", type: "address", internalType: "address" },
+      {
+        name: "witness",
+        type: "tuple",
+        internalType: "struct x402UptoPermit2Proxy.Witness",
+        components: uptoPermit2WitnessABIComponents
+      },
+      { name: "signature", type: "bytes", internalType: "bytes" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "settleWithPermit",
+    inputs: [
+      {
+        name: "permit2612",
+        type: "tuple",
+        internalType: "struct x402UptoPermit2Proxy.EIP2612Permit",
+        components: [
+          { name: "value", type: "uint256", internalType: "uint256" },
+          { name: "deadline", type: "uint256", internalType: "uint256" },
+          { name: "r", type: "bytes32", internalType: "bytes32" },
+          { name: "s", type: "bytes32", internalType: "bytes32" },
+          { name: "v", type: "uint8", internalType: "uint8" }
+        ]
+      },
+      {
+        name: "permit",
+        type: "tuple",
+        internalType: "struct ISignatureTransfer.PermitTransferFrom",
+        components: [
+          {
+            name: "permitted",
+            type: "tuple",
+            internalType: "struct ISignatureTransfer.TokenPermissions",
+            components: [
+              { name: "token", type: "address", internalType: "address" },
+              { name: "amount", type: "uint256", internalType: "uint256" }
+            ]
+          },
+          { name: "nonce", type: "uint256", internalType: "uint256" },
+          { name: "deadline", type: "uint256", internalType: "uint256" }
+        ]
+      },
+      { name: "amount", type: "uint256", internalType: "uint256" },
+      { name: "owner", type: "address", internalType: "address" },
+      {
+        name: "witness",
+        type: "tuple",
+        internalType: "struct x402UptoPermit2Proxy.Witness",
+        components: uptoPermit2WitnessABIComponents
+      },
+      { name: "signature", type: "bytes", internalType: "bytes" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  { type: "event", name: "Settled", inputs: [], anonymous: false },
+  { type: "event", name: "SettledWithPermit", inputs: [], anonymous: false },
+  { type: "error", name: "AmountExceedsPermitted", inputs: [] },
+  { type: "error", name: "InvalidDestination", inputs: [] },
+  { type: "error", name: "InvalidOwner", inputs: [] },
+  { type: "error", name: "InvalidPermit2Address", inputs: [] },
+  { type: "error", name: "PaymentTooEarly", inputs: [] },
+  { type: "error", name: "Permit2612AmountMismatch", inputs: [] },
+  { type: "error", name: "ReentrancyGuardReentrantCall", inputs: [] },
+  { type: "error", name: "UnauthorizedFacilitator", inputs: [] }
+];
+
+// src/exact/facilitator/errors.ts
+var ErrTransactionFailed = "invalid_exact_evm_transaction_failed";
+var ErrPermit2AmountMismatch = "permit2_amount_mismatch";
+var ErrPermit2InvalidSignature = "invalid_permit2_signature";
+var ErrPermit2AllowanceRequired = "permit2_allowance_required";
+var ErrPermit2SimulationFailed = "permit2_simulation_failed";
+var ErrPermit2InsufficientBalance = "permit2_insufficient_balance";
+var ErrPermit2ProxyNotDeployed = "permit2_proxy_not_deployed";
+var ErrPermit2InvalidAmount = "permit2_invalid_amount";
+var ErrPermit2InvalidDestination = "permit2_invalid_destination";
+var ErrPermit2InvalidOwner = "permit2_invalid_owner";
+var ErrPermit2PaymentTooEarly = "permit2_payment_too_early";
+var ErrPermit2InvalidNonce = "permit2_invalid_nonce";
+var ErrPermit2612AmountMismatch = "permit2_2612_amount_mismatch";
+var ErrErc20ApprovalInvalidFormat = "invalid_erc20_approval_extension_format";
+var ErrErc20ApprovalFromMismatch = "erc20_approval_from_mismatch";
+var ErrErc20ApprovalAssetMismatch = "erc20_approval_asset_mismatch";
+var ErrErc20ApprovalSpenderNotPermit2 = "erc20_approval_spender_not_permit2";
+var ErrErc20ApprovalTxWrongTarget = "erc20_approval_tx_wrong_target";
+var ErrErc20ApprovalTxWrongSelector = "erc20_approval_tx_wrong_selector";
+var ErrErc20ApprovalTxWrongSpender = "erc20_approval_tx_wrong_spender";
+var ErrErc20ApprovalTxInvalidCalldata = "erc20_approval_tx_invalid_calldata";
+var ErrErc20ApprovalTxSignerMismatch = "erc20_approval_tx_signer_mismatch";
+var ErrErc20ApprovalTxInvalidSignature = "erc20_approval_tx_invalid_signature";
+var ErrErc20ApprovalTxParseFailed = "erc20_approval_tx_parse_failed";
+var ErrErc20ApprovalTxFailed = "erc20_approval_tx_failed";
+var ErrInvalidEip2612ExtensionFormat = "invalid_eip2612_extension_format";
+var ErrEip2612FromMismatch = "eip2612_from_mismatch";
+var ErrEip2612AssetMismatch = "eip2612_asset_mismatch";
+var ErrEip2612SpenderNotPermit2 = "eip2612_spender_not_permit2";
+var ErrEip2612DeadlineExpired = "eip2612_deadline_expired";
+var ErrInvalidTransactionState = "invalid_transaction_state";
+
+// src/upto/facilitator/errors.ts
+var ErrUptoInvalidScheme = "invalid_upto_evm_scheme";
+var ErrUptoNetworkMismatch = "invalid_upto_evm_network_mismatch";
+var ErrUptoSettlementExceedsAmount = "invalid_upto_evm_payload_settlement_exceeds_amount";
+var ErrUptoAmountExceedsPermitted = "upto_amount_exceeds_permitted";
+var ErrUptoUnauthorizedFacilitator = "upto_unauthorized_facilitator";
+var ErrUptoFacilitatorMismatch = "upto_facilitator_mismatch";
+
+// src/utils.ts
+var import_viem = require("viem");
+function getEvmChainId(network) {
+  if (network.startsWith("eip155:")) {
+    const idStr = network.split(":")[1];
+    const chainId = parseInt(idStr, 10);
+    if (isNaN(chainId)) {
+      throw new Error(`Invalid CAIP-2 chain ID: ${network}`);
+    }
+    return chainId;
+  }
+  throw new Error(`Unsupported network format: ${network} (expected eip155:CHAIN_ID)`);
+}
+
+// src/shared/erc20approval.ts
+var import_viem2 = require("viem");
+var APPROVE_SELECTOR = "0x095ea7b3";
+async function validateErc20ApprovalForPayment(info, payer, tokenAddress) {
+  if (!validateErc20ApprovalGasSponsoringInfo(info)) {
+    return {
+      isValid: false,
+      invalidReason: ErrErc20ApprovalInvalidFormat,
+      invalidMessage: "ERC-20 approval extension info failed schema validation"
+    };
+  }
+  if ((0, import_viem2.getAddress)(info.from) !== (0, import_viem2.getAddress)(payer)) {
+    return {
+      isValid: false,
+      invalidReason: ErrErc20ApprovalFromMismatch,
+      invalidMessage: `Expected from=${payer}, got ${info.from}`
+    };
+  }
+  if ((0, import_viem2.getAddress)(info.asset) !== tokenAddress) {
+    return {
+      isValid: false,
+      invalidReason: ErrErc20ApprovalAssetMismatch,
+      invalidMessage: `Expected asset=${tokenAddress}, got ${info.asset}`
+    };
+  }
+  if ((0, import_viem2.getAddress)(info.spender) !== (0, import_viem2.getAddress)(PERMIT2_ADDRESS)) {
+    return {
+      isValid: false,
+      invalidReason: ErrErc20ApprovalSpenderNotPermit2,
+      invalidMessage: `Expected spender=${PERMIT2_ADDRESS}, got ${info.spender}`
+    };
+  }
+  try {
+    const serializedTx = info.signedTransaction;
+    const tx = (0, import_viem2.parseTransaction)(serializedTx);
+    if (!tx.to || (0, import_viem2.getAddress)(tx.to) !== tokenAddress) {
+      return {
+        isValid: false,
+        invalidReason: ErrErc20ApprovalTxWrongTarget,
+        invalidMessage: `Transaction targets ${tx.to ?? "null"}, expected ${tokenAddress}`
+      };
+    }
+    const data = tx.data ?? "0x";
+    if (!data.startsWith(APPROVE_SELECTOR)) {
+      return {
+        isValid: false,
+        invalidReason: ErrErc20ApprovalTxWrongSelector,
+        invalidMessage: `Transaction calldata does not start with approve() selector ${APPROVE_SELECTOR}`
+      };
+    }
+    try {
+      const decoded = (0, import_viem2.decodeFunctionData)({
+        abi: erc20ApproveAbi,
+        data
+      });
+      const calldataSpender = (0, import_viem2.getAddress)(decoded.args[0]);
+      if (calldataSpender !== (0, import_viem2.getAddress)(PERMIT2_ADDRESS)) {
+        return {
+          isValid: false,
+          invalidReason: ErrErc20ApprovalTxWrongSpender,
+          invalidMessage: `approve() spender is ${calldataSpender}, expected Permit2 ${PERMIT2_ADDRESS}`
+        };
+      }
+    } catch {
+      return {
+        isValid: false,
+        invalidReason: ErrErc20ApprovalTxInvalidCalldata,
+        invalidMessage: "Failed to decode approve() calldata from the signed transaction"
+      };
+    }
+    try {
+      const recoveredAddress = await (0, import_viem2.recoverTransactionAddress)({
+        serializedTransaction: serializedTx
+      });
+      if ((0, import_viem2.getAddress)(recoveredAddress) !== (0, import_viem2.getAddress)(payer)) {
+        return {
+          isValid: false,
+          invalidReason: ErrErc20ApprovalTxSignerMismatch,
+          invalidMessage: `Transaction signed by ${recoveredAddress}, expected payer ${payer}`
+        };
+      }
+    } catch {
+      return {
+        isValid: false,
+        invalidReason: ErrErc20ApprovalTxInvalidSignature,
+        invalidMessage: "Failed to recover signer from the signed transaction"
+      };
+    }
+  } catch {
+    return {
+      isValid: false,
+      invalidReason: ErrErc20ApprovalTxParseFailed,
+      invalidMessage: "Failed to parse the signed transaction"
+    };
+  }
+  return { isValid: true };
+}
+
+// src/shared/permit2.ts
+var import_viem4 = require("viem");
+
+// src/multicall.ts
+var import_viem3 = require("viem");
+var MULTICALL3_ADDRESS = "0xcA11bde05977b3631167028862bE2a173976CA11";
+var multicall3ABI = [
+  {
+    inputs: [
+      { name: "requireSuccess", type: "bool" },
+      {
+        name: "calls",
+        type: "tuple[]",
+        components: [
+          { name: "target", type: "address" },
+          { name: "callData", type: "bytes" }
+        ]
+      }
+    ],
+    name: "tryAggregate",
+    outputs: [
+      {
+        name: "returnData",
+        type: "tuple[]",
+        components: [
+          { name: "success", type: "bool" },
+          { name: "returnData", type: "bytes" }
+        ]
+      }
+    ],
+    stateMutability: "payable",
+    type: "function"
+  }
+];
+async function multicall(readContract, calls) {
+  const aggregateCalls = calls.map((call) => {
+    if ("callData" in call) {
+      return { target: call.address, callData: call.callData };
+    }
+    const callData = (0, import_viem3.encodeFunctionData)({
+      abi: call.abi,
+      functionName: call.functionName,
+      args: call.args
+    });
+    return { target: call.address, callData };
+  });
+  const rawResults = await readContract({
+    address: MULTICALL3_ADDRESS,
+    abi: multicall3ABI,
+    functionName: "tryAggregate",
+    args: [false, aggregateCalls]
+  });
+  return rawResults.map((raw, i) => {
+    if (!raw.success) {
+      return {
+        status: "failure",
+        error: new Error(`multicall: call reverted (returnData: ${raw.returnData})`)
+      };
+    }
+    const call = calls[i];
+    if ("callData" in call) {
+      return { status: "success", result: void 0 };
+    }
+    try {
+      const decoded = (0, import_viem3.decodeFunctionResult)({
+        abi: call.abi,
+        functionName: call.functionName,
+        data: raw.returnData
+      });
+      return { status: "success", result: decoded };
+    } catch (err) {
+      return {
+        status: "failure",
+        error: err instanceof Error ? err : new Error(String(err))
+      };
+    }
+  });
+}
+
+// src/shared/permit2.ts
+async function waitAndReturnSettleResponse(signer, tx, payload, payer) {
+  const receipt = await signer.waitForTransactionReceipt({ hash: tx });
+  if (receipt.status !== "success") {
+    return {
+      success: false,
+      errorReason: ErrInvalidTransactionState,
+      transaction: tx,
+      network: payload.accepted.network,
+      payer
+    };
+  }
+  return {
+    success: true,
+    transaction: tx,
+    network: payload.accepted.network,
+    payer
+  };
+}
+function mapSettleError(error, payload, payer) {
+  let errorReason = ErrTransactionFailed;
+  if (error instanceof Error) {
+    const message = error.message;
+    if (message.includes("Permit2612AmountMismatch")) {
+      errorReason = ErrPermit2612AmountMismatch;
+    } else if (message.includes("InvalidAmount")) {
+      errorReason = ErrPermit2InvalidAmount;
+    } else if (message.includes("InvalidDestination")) {
+      errorReason = ErrPermit2InvalidDestination;
+    } else if (message.includes("InvalidOwner")) {
+      errorReason = ErrPermit2InvalidOwner;
+    } else if (message.includes("PaymentTooEarly")) {
+      errorReason = ErrPermit2PaymentTooEarly;
+    } else if (message.includes("InvalidSignature") || message.includes("SignatureExpired")) {
+      errorReason = ErrPermit2InvalidSignature;
+    } else if (message.includes("InvalidNonce")) {
+      errorReason = ErrPermit2InvalidNonce;
+    } else if (message.includes("erc20_approval_tx_failed")) {
+      errorReason = ErrErc20ApprovalTxFailed;
+    } else if (message.includes("AmountExceedsPermitted")) {
+      errorReason = ErrUptoAmountExceedsPermitted;
+    } else if (message.includes("UnauthorizedFacilitator")) {
+      errorReason = ErrUptoUnauthorizedFacilitator;
+    } else {
+      errorReason = `${ErrTransactionFailed}: ${message.slice(0, 500)}`;
+    }
+  }
+  return {
+    success: false,
+    errorReason,
+    transaction: "",
+    network: payload.accepted.network,
+    payer
+  };
+}
+function validateEip2612PermitForPayment(info, payer, tokenAddress) {
+  if (!validateEip2612GasSponsoringInfo(info)) {
+    return { isValid: false, invalidReason: ErrInvalidEip2612ExtensionFormat };
+  }
+  if ((0, import_viem4.getAddress)(info.from) !== (0, import_viem4.getAddress)(payer)) {
+    return { isValid: false, invalidReason: ErrEip2612FromMismatch };
+  }
+  if ((0, import_viem4.getAddress)(info.asset) !== tokenAddress) {
+    return { isValid: false, invalidReason: ErrEip2612AssetMismatch };
+  }
+  if ((0, import_viem4.getAddress)(info.spender) !== (0, import_viem4.getAddress)(PERMIT2_ADDRESS)) {
+    return { isValid: false, invalidReason: ErrEip2612SpenderNotPermit2 };
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (BigInt(info.deadline) < BigInt(now + 6)) {
+    return { isValid: false, invalidReason: ErrEip2612DeadlineExpired };
+  }
+  return { isValid: true };
+}
+async function simulatePermit2Settle(config, signer, settleArgs) {
+  try {
+    await signer.readContract({
+      address: config.proxyAddress,
+      abi: config.proxyABI,
+      functionName: "settle",
+      args: settleArgs
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function simulatePermit2SettleWithPermit(config, signer, settleArgs, eip2612Info) {
+  try {
+    const { v, r, s } = splitEip2612Signature(eip2612Info.signature);
+    await signer.readContract({
+      address: config.proxyAddress,
+      abi: config.proxyABI,
+      functionName: "settleWithPermit",
+      args: [
+        {
+          value: BigInt(eip2612Info.amount),
+          deadline: BigInt(eip2612Info.deadline),
+          r,
+          s,
+          v
+        },
+        ...settleArgs
+      ]
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function simulatePermit2SettleWithErc20Approval(config, extensionSigner, settleArgs, erc20Info) {
+  if (!extensionSigner.simulateTransactions) {
+    return false;
+  }
+  try {
+    const settleData = (0, import_viem4.encodeFunctionData)({
+      abi: config.proxyABI,
+      functionName: "settle",
+      args: settleArgs
+    });
+    return await extensionSigner.simulateTransactions([
+      erc20Info.signedTransaction,
+      { to: config.proxyAddress, data: settleData, gas: BigInt(3e5) }
+    ]);
+  } catch {
+    return false;
+  }
+}
+async function diagnosePermit2SimulationFailure(config, signer, tokenAddress, permit2Payload, amountRequired) {
+  const payer = permit2Payload.permit2Authorization.from;
+  const diagnosticCalls = [
+    {
+      address: config.proxyAddress,
+      abi: config.proxyABI,
+      functionName: "PERMIT2"
+    },
+    {
+      address: tokenAddress,
+      abi: eip3009ABI,
+      functionName: "balanceOf",
+      args: [payer]
+    },
+    {
+      address: tokenAddress,
+      abi: erc20AllowanceAbi,
+      functionName: "allowance",
+      args: [payer, PERMIT2_ADDRESS]
+    }
+  ];
+  try {
+    const results = await multicall(signer.readContract.bind(signer), diagnosticCalls);
+    const [proxyResult, balanceResult, allowanceResult] = results;
+    if (proxyResult.status === "failure") {
+      return { isValid: false, invalidReason: ErrPermit2ProxyNotDeployed, payer };
+    }
+    if (balanceResult.status === "success") {
+      const balance = balanceResult.result;
+      if (balance < BigInt(amountRequired)) {
+        return { isValid: false, invalidReason: ErrPermit2InsufficientBalance, payer };
+      }
+    }
+    if (allowanceResult.status === "success") {
+      const allowance = allowanceResult.result;
+      if (allowance < BigInt(amountRequired)) {
+        return { isValid: false, invalidReason: ErrPermit2AllowanceRequired, payer };
+      }
+    }
+  } catch {
+  }
+  return { isValid: false, invalidReason: ErrPermit2SimulationFailed, payer };
+}
+async function checkPermit2Prerequisites(config, signer, tokenAddress, payer, amountRequired) {
+  const diagnosticCalls = [
+    {
+      address: config.proxyAddress,
+      abi: config.proxyABI,
+      functionName: "PERMIT2"
+    },
+    {
+      address: tokenAddress,
+      abi: eip3009ABI,
+      functionName: "balanceOf",
+      args: [payer]
+    }
+  ];
+  try {
+    const results = await multicall(signer.readContract.bind(signer), diagnosticCalls);
+    const [proxyResult, balanceResult] = results;
+    if (proxyResult.status === "failure") {
+      return { isValid: false, invalidReason: ErrPermit2ProxyNotDeployed, payer };
+    }
+    if (balanceResult.status === "success") {
+      const balance = balanceResult.result;
+      if (balance < BigInt(amountRequired)) {
+        return { isValid: false, invalidReason: ErrPermit2InsufficientBalance, payer };
+      }
+    }
+  } catch {
+  }
+  return { isValid: true, invalidReason: void 0, payer };
+}
+function buildUptoPermit2SettleArgs(permit2Payload, settlementAmount, facilitatorAddress) {
+  return [
+    {
+      permitted: {
+        token: (0, import_viem4.getAddress)(permit2Payload.permit2Authorization.permitted.token),
+        amount: BigInt(permit2Payload.permit2Authorization.permitted.amount)
+      },
+      nonce: BigInt(permit2Payload.permit2Authorization.nonce),
+      deadline: BigInt(permit2Payload.permit2Authorization.deadline)
+    },
+    settlementAmount,
+    (0, import_viem4.getAddress)(permit2Payload.permit2Authorization.from),
+    {
+      to: (0, import_viem4.getAddress)(permit2Payload.permit2Authorization.witness.to),
+      facilitator: (0, import_viem4.getAddress)(facilitatorAddress),
+      validAfter: BigInt(permit2Payload.permit2Authorization.witness.validAfter)
+    },
+    permit2Payload.signature
+  ];
+}
+function splitEip2612Signature(signature) {
+  const sig = signature.startsWith("0x") ? signature.slice(2) : signature;
+  if (sig.length !== 130) {
+    throw new Error(
+      `invalid EIP-2612 signature length: expected 65 bytes (130 hex chars), got ${sig.length / 2} bytes`
+    );
+  }
+  const r = `0x${sig.slice(0, 64)}`;
+  const s = `0x${sig.slice(64, 128)}`;
+  const v = parseInt(sig.slice(128, 130), 16);
+  return { v, r, s };
+}
+
+// src/upto/facilitator/permit2.ts
+var uptoProxyConfig = {
+  proxyAddress: x402UptoPermit2ProxyAddress,
+  proxyABI: x402UptoPermit2ProxyABI
+};
+async function verifyUptoPermit2(signer, payload, requirements, permit2Payload, context, options) {
+  const payer = permit2Payload.permit2Authorization.from;
+  if (payload.accepted.scheme !== "upto" || requirements.scheme !== "upto") {
+    return {
+      isValid: false,
+      invalidReason: ErrUptoInvalidScheme,
+      payer
+    };
+  }
+  if (payload.accepted.network !== requirements.network) {
+    return {
+      isValid: false,
+      invalidReason: ErrUptoNetworkMismatch,
+      payer
+    };
+  }
+  const chainId = getEvmChainId(requirements.network);
+  const tokenAddress = (0, import_viem5.getAddress)(requirements.asset);
+  if ((0, import_viem5.getAddress)(permit2Payload.permit2Authorization.spender) !== (0, import_viem5.getAddress)(x402UptoPermit2ProxyAddress)) {
+    return {
+      isValid: false,
+      invalidReason: "invalid_permit2_spender",
+      payer
+    };
+  }
+  if ((0, import_viem5.getAddress)(permit2Payload.permit2Authorization.witness.to) !== (0, import_viem5.getAddress)(requirements.payTo)) {
+    return {
+      isValid: false,
+      invalidReason: "invalid_permit2_recipient_mismatch",
+      payer
+    };
+  }
+  const facilitatorAddresses = signer.getAddresses();
+  const witnessFacilitator = (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.witness.facilitator);
+  const isFacilitatorMatch = facilitatorAddresses.some(
+    (addr) => (0, import_viem5.getAddress)(addr) === witnessFacilitator
+  );
+  if (!isFacilitatorMatch) {
+    return {
+      isValid: false,
+      invalidReason: ErrUptoFacilitatorMismatch,
+      payer
+    };
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (BigInt(permit2Payload.permit2Authorization.deadline) < BigInt(now + 6)) {
+    return {
+      isValid: false,
+      invalidReason: "permit2_deadline_expired",
+      payer
+    };
+  }
+  if (BigInt(permit2Payload.permit2Authorization.witness.validAfter) > BigInt(now)) {
+    return {
+      isValid: false,
+      invalidReason: "permit2_not_yet_valid",
+      payer
+    };
+  }
+  if (BigInt(permit2Payload.permit2Authorization.permitted.amount) !== BigInt(requirements.amount)) {
+    return {
+      isValid: false,
+      invalidReason: ErrPermit2AmountMismatch,
+      payer
+    };
+  }
+  if ((0, import_viem5.getAddress)(permit2Payload.permit2Authorization.permitted.token) !== tokenAddress) {
+    return {
+      isValid: false,
+      invalidReason: "permit2_token_mismatch",
+      payer
+    };
+  }
+  const permit2TypedData = {
+    types: uptoPermit2WitnessTypes,
+    primaryType: "PermitWitnessTransferFrom",
+    domain: {
+      name: "Permit2",
+      chainId,
+      verifyingContract: PERMIT2_ADDRESS
+    },
+    message: {
+      permitted: {
+        token: (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.permitted.token),
+        amount: BigInt(permit2Payload.permit2Authorization.permitted.amount)
+      },
+      spender: (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.spender),
+      nonce: BigInt(permit2Payload.permit2Authorization.nonce),
+      deadline: BigInt(permit2Payload.permit2Authorization.deadline),
+      witness: {
+        to: (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.witness.to),
+        facilitator: (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.witness.facilitator),
+        validAfter: BigInt(permit2Payload.permit2Authorization.witness.validAfter)
+      }
+    }
+  };
+  let signatureValid = false;
+  try {
+    signatureValid = await signer.verifyTypedData({
+      address: payer,
+      ...permit2TypedData,
+      signature: permit2Payload.signature
+    });
+  } catch {
+    signatureValid = false;
+  }
+  if (!signatureValid) {
+    const bytecode = await signer.getCode({ address: payer });
+    const isDeployedContract = bytecode && bytecode !== "0x";
+    if (!isDeployedContract) {
+      return {
+        isValid: false,
+        invalidReason: "invalid_permit2_signature",
+        payer
+      };
+    }
+  }
+  if (options?.simulate === false) {
+    return { isValid: true, invalidReason: void 0, payer };
+  }
+  const facilitatorAddress = (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.witness.facilitator);
+  const uptoSettleArgs = buildUptoPermit2SettleArgs(
+    permit2Payload,
+    BigInt(requirements.amount),
+    facilitatorAddress
+  );
+  const eip2612InfoForSim = extractEip2612GasSponsoringInfo(payload);
+  if (eip2612InfoForSim) {
+    const fieldResult = validateEip2612PermitForPayment(eip2612InfoForSim, payer, tokenAddress);
+    if (!fieldResult.isValid) {
+      return { isValid: false, invalidReason: fieldResult.invalidReason, payer };
+    }
+    const simOk2 = await simulatePermit2SettleWithPermit(
+      uptoProxyConfig,
+      signer,
+      uptoSettleArgs,
+      eip2612InfoForSim
+    );
+    if (!simOk2) {
+      return diagnosePermit2SimulationFailure(
+        uptoProxyConfig,
+        signer,
+        tokenAddress,
+        permit2Payload,
+        requirements.amount
+      );
+    }
+    return { isValid: true, invalidReason: void 0, payer };
+  }
+  const erc20GasSponsorshipExtension = context?.getExtension(
+    ERC20_APPROVAL_GAS_SPONSORING_KEY
+  );
+  if (erc20GasSponsorshipExtension) {
+    const erc20Info = extractErc20ApprovalGasSponsoringInfo(payload);
+    if (erc20Info) {
+      const fieldResult = await validateErc20ApprovalForPayment(erc20Info, payer, tokenAddress);
+      if (!fieldResult.isValid) {
+        return { isValid: false, invalidReason: fieldResult.invalidReason, payer };
+      }
+      const extensionSigner = resolveErc20ApprovalExtensionSigner(
+        erc20GasSponsorshipExtension,
+        requirements.network
+      );
+      if (extensionSigner?.simulateTransactions) {
+        const simOk2 = await simulatePermit2SettleWithErc20Approval(
+          uptoProxyConfig,
+          extensionSigner,
+          uptoSettleArgs,
+          erc20Info
+        );
+        if (!simOk2) {
+          return diagnosePermit2SimulationFailure(
+            uptoProxyConfig,
+            signer,
+            tokenAddress,
+            permit2Payload,
+            requirements.amount
+          );
+        }
+        return { isValid: true, invalidReason: void 0, payer };
+      }
+      return checkPermit2Prerequisites(
+        uptoProxyConfig,
+        signer,
+        tokenAddress,
+        payer,
+        requirements.amount
+      );
+    }
+  }
+  const simOk = await simulatePermit2Settle(uptoProxyConfig, signer, uptoSettleArgs);
+  if (!simOk) {
+    return diagnosePermit2SimulationFailure(
+      uptoProxyConfig,
+      signer,
+      tokenAddress,
+      permit2Payload,
+      requirements.amount
+    );
+  }
+  return {
+    isValid: true,
+    invalidReason: void 0,
+    payer
+  };
+}
+async function settleUptoPermit2(signer, payload, requirements, permit2Payload, context, config) {
+  const payer = permit2Payload.permit2Authorization.from;
+  const settlementAmount = BigInt(requirements.amount);
+  const verifyRequirements = {
+    ...requirements,
+    amount: permit2Payload.permit2Authorization.permitted.amount
+  };
+  const valid = await verifyUptoPermit2(
+    signer,
+    payload,
+    verifyRequirements,
+    permit2Payload,
+    context,
+    { simulate: config?.simulateInSettle ?? true }
+  );
+  if (!valid.isValid) {
+    return {
+      success: false,
+      network: payload.accepted.network,
+      transaction: "",
+      errorReason: valid.invalidReason ?? "invalid_scheme",
+      payer
+    };
+  }
+  if (settlementAmount === 0n) {
+    return {
+      success: true,
+      transaction: "",
+      network: payload.accepted.network,
+      payer,
+      amount: "0"
+    };
+  }
+  if (settlementAmount > BigInt(permit2Payload.permit2Authorization.permitted.amount)) {
+    return {
+      success: false,
+      network: payload.accepted.network,
+      transaction: "",
+      errorReason: ErrUptoSettlementExceedsAmount,
+      payer
+    };
+  }
+  const facilitatorAddress = (0, import_viem5.getAddress)(permit2Payload.permit2Authorization.witness.facilitator);
+  const eip2612Info = extractEip2612GasSponsoringInfo(payload);
+  if (eip2612Info) {
+    return settleUptoWithEIP2612(
+      signer,
+      payload,
+      permit2Payload,
+      eip2612Info,
+      settlementAmount,
+      facilitatorAddress
+    );
+  }
+  const erc20Info = extractErc20ApprovalGasSponsoringInfo(payload);
+  if (erc20Info) {
+    const erc20GasSponsorshipExtension = context?.getExtension(
+      ERC20_APPROVAL_GAS_SPONSORING_KEY
+    );
+    const extensionSigner = resolveErc20ApprovalExtensionSigner(
+      erc20GasSponsorshipExtension,
+      payload.accepted.network
+    );
+    if (extensionSigner) {
+      return settleUptoWithERC20Approval(
+        extensionSigner,
+        payload,
+        permit2Payload,
+        erc20Info,
+        settlementAmount,
+        facilitatorAddress
+      );
+    }
+  }
+  return settleUptoDirect(signer, payload, permit2Payload, settlementAmount, facilitatorAddress);
+}
+async function settleUptoWithEIP2612(signer, payload, permit2Payload, eip2612Info, settlementAmount, facilitatorAddress) {
+  const payer = permit2Payload.permit2Authorization.from;
+  try {
+    const { v, r, s } = splitEip2612Signature(eip2612Info.signature);
+    const tx = await signer.writeContract({
+      address: uptoProxyConfig.proxyAddress,
+      abi: uptoProxyConfig.proxyABI,
+      functionName: "settleWithPermit",
+      args: [
+        {
+          value: BigInt(eip2612Info.amount),
+          deadline: BigInt(eip2612Info.deadline),
+          r,
+          s,
+          v
+        },
+        ...buildUptoPermit2SettleArgs(permit2Payload, settlementAmount, facilitatorAddress)
+      ]
+    });
+    const response = await waitAndReturnSettleResponse(signer, tx, payload, payer);
+    return { ...response, amount: settlementAmount.toString() };
+  } catch (error) {
+    return mapSettleError(error, payload, payer);
+  }
+}
+async function settleUptoWithERC20Approval(extensionSigner, payload, permit2Payload, erc20Info, settlementAmount, facilitatorAddress) {
+  const payer = permit2Payload.permit2Authorization.from;
+  try {
+    const settleData = (0, import_viem5.encodeFunctionData)({
+      abi: uptoProxyConfig.proxyABI,
+      functionName: "settle",
+      args: buildUptoPermit2SettleArgs(permit2Payload, settlementAmount, facilitatorAddress)
+    });
+    const txHashes = await extensionSigner.sendTransactions([
+      erc20Info.signedTransaction,
+      { to: uptoProxyConfig.proxyAddress, data: settleData, gas: BigInt(3e5) }
+    ]);
+    const settleTxHash = txHashes[txHashes.length - 1];
+    const response = await waitAndReturnSettleResponse(
+      extensionSigner,
+      settleTxHash,
+      payload,
+      payer
+    );
+    return { ...response, amount: settlementAmount.toString() };
+  } catch (error) {
+    return mapSettleError(error, payload, payer);
+  }
+}
+async function settleUptoDirect(signer, payload, permit2Payload, settlementAmount, facilitatorAddress) {
+  const payer = permit2Payload.permit2Authorization.from;
+  try {
+    const tx = await signer.writeContract({
+      address: uptoProxyConfig.proxyAddress,
+      abi: uptoProxyConfig.proxyABI,
+      functionName: "settle",
+      args: buildUptoPermit2SettleArgs(permit2Payload, settlementAmount, facilitatorAddress)
+    });
+    const response = await waitAndReturnSettleResponse(signer, tx, payload, payer);
+    return { ...response, amount: settlementAmount.toString() };
+  } catch (error) {
+    return mapSettleError(error, payload, payer);
+  }
+}
+
+// src/upto/facilitator/scheme.ts
+var UptoEvmScheme = class {
+  /**
+   * Creates a new UptoEvmScheme facilitator instance.
+   *
+   * @param signer - The EVM signer for facilitator operations
+   */
+  constructor(signer) {
+    this.signer = signer;
+    this.scheme = "upto";
+    this.caipFamily = "eip155:*";
+  }
+  /**
+   * Returns extra metadata required by the upto scheme, including the facilitator address.
+   *
+   * @param _ - The network identifier (unused)
+   * @returns Object with facilitatorAddress, or undefined if no signer addresses are available
+   */
+  getExtra(_) {
+    const addresses = this.signer.getAddresses();
+    if (addresses.length === 0) {
+      return void 0;
+    }
+    return { facilitatorAddress: addresses[Math.floor(Math.random() * addresses.length)] };
+  }
+  /**
+   * Returns the list of facilitator signer addresses for the upto scheme.
+   *
+   * @param _ - The network identifier (unused)
+   * @returns Array of facilitator signer addresses
+   */
+  getSigners(_) {
+    return [...this.signer.getAddresses()];
+  }
+  /**
+   * Verifies an upto Permit2 payment payload against the given requirements.
+   *
+   * @param payload - The payment payload to verify
+   * @param requirements - The payment requirements to verify against
+   * @param context - Optional facilitator context
+   * @returns Promise resolving to a verification response
+   */
+  async verify(payload, requirements, context) {
+    const rawPayload = payload.payload;
+    if (!isUptoPermit2Payload(rawPayload)) {
+      return { isValid: false, invalidReason: "unsupported_payload_type", payer: "" };
+    }
+    return verifyUptoPermit2(
+      this.signer,
+      payload,
+      requirements,
+      rawPayload,
+      context
+    );
+  }
+  /**
+   * Settles an upto Permit2 payment on-chain.
+   *
+   * @param payload - The payment payload to settle
+   * @param requirements - The payment requirements
+   * @param context - Optional facilitator context
+   * @returns Promise resolving to a settlement response
+   */
+  async settle(payload, requirements, context) {
+    const rawPayload = payload.payload;
+    if (!isUptoPermit2Payload(rawPayload)) {
+      return {
+        success: false,
+        network: payload.accepted.network,
+        transaction: "",
+        errorReason: "unsupported_payload_type",
+        payer: ""
+      };
+    }
+    return settleUptoPermit2(
+      this.signer,
+      payload,
+      requirements,
+      rawPayload,
+      context
+    );
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  UptoEvmScheme
+});
+//# sourceMappingURL=index.js.map