npm - agentpay-mcp - Versions diffs - 1.2.0 → 3.1.0 - Mend

agentpay-mcp 1.2.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/.env.example +37 -0
package/LICENSE +21 -0
package/README.md +380 -31
package/claude_desktop_config.json +17 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +166 -0
package/dist/index.js.map +1 -0
package/dist/session/manager.d.ts +90 -0
package/dist/session/manager.d.ts.map +1 -0
package/dist/session/manager.js +262 -0
package/dist/session/manager.js.map +1 -0
package/dist/session/types.d.ts +113 -0
package/dist/session/types.d.ts.map +1 -0
package/dist/session/types.js +16 -0
package/dist/session/types.js.map +1 -0
package/dist/tools/deploy.d.ts +49 -0
package/dist/tools/deploy.d.ts.map +1 -0
package/dist/tools/deploy.js +123 -0
package/dist/tools/deploy.js.map +1 -0
package/dist/tools/history.d.ts +59 -0
package/dist/tools/history.d.ts.map +1 -0
package/dist/tools/history.js +202 -0
package/dist/tools/history.js.map +1 -0
package/dist/tools/payments.d.ts +71 -0
package/dist/tools/payments.d.ts.map +1 -0
package/dist/tools/payments.js +158 -0
package/dist/tools/payments.js.map +1 -0
package/dist/tools/session.d.ts +240 -0
package/dist/tools/session.d.ts.map +1 -0
package/dist/tools/session.js +678 -0
package/dist/tools/session.js.map +1 -0
package/dist/tools/wallet.d.ts +107 -0
package/dist/tools/wallet.d.ts.map +1 -0
package/dist/tools/wallet.js +271 -0
package/dist/tools/wallet.js.map +1 -0
package/dist/tools/x402.d.ts +90 -0
package/dist/tools/x402.d.ts.map +1 -0
package/dist/tools/x402.js +268 -0
package/dist/tools/x402.js.map +1 -0
package/dist/utils/client.d.ts +46 -0
package/dist/utils/client.d.ts.map +1 -0
package/dist/utils/client.js +123 -0
package/dist/utils/client.js.map +1 -0
package/dist/utils/format.d.ts +59 -0
package/dist/utils/format.d.ts.map +1 -0
package/dist/utils/format.js +161 -0
package/dist/utils/format.js.map +1 -0
package/package.json +58 -12
package/index.d.ts +0 -1
package/index.js +0 -13

package/dist/index.js ADDED Viewed

@@ -0,0 +1,166 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * AgentPay MCP Server — Entry Point
+ *
+ * Exposes Agent Wallet SDK tools via the Model Context Protocol (MCP).
+ * Compatible with Claude Desktop, Cursor, Windsurf, and any MCP client.
+ *
+ * v1.1.0 adds x402 V2 session payment support:
+ *   - x402_session_start  — pay once, receive a signed session token
+ *   - x402_session_fetch  — make N calls within a session (no new payments)
+ *   - x402_session_status — inspect active sessions and TTL
+ *   - x402_session_end    — close a session explicitly
+ *
+ * Transport: stdio (standard MCP transport)
+ * Config:    AGENT_PRIVATE_KEY + AGENT_WALLET_ADDRESS env vars required
+ */
+const index_js_1 = require("@modelcontextprotocol/sdk/server/index.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+// ─── Tool imports (v1.0.0) ─────────────────────────────────────────────────
+const deploy_js_1 = require("./tools/deploy.js");
+const wallet_js_1 = require("./tools/wallet.js");
+const wallet_js_2 = require("./tools/wallet.js");
+const wallet_js_3 = require("./tools/wallet.js");
+const payments_js_1 = require("./tools/payments.js");
+const x402_js_1 = require("./tools/x402.js");
+const history_js_1 = require("./tools/history.js");
+// ─── Tool imports (v1.1.0 — x402 V2 session payments) ─────────────────────
+const session_js_1 = require("./tools/session.js");
+// ─── Server configuration ──────────────────────────────────────────────────
+const SERVER_INFO = {
+    name: 'agentpay-mcp',
+    version: '1.1.0',
+};
+const SERVER_CAPABILITIES = {
+    tools: {},
+};
+// ─── Tool registry ─────────────────────────────────────────────────────────
+const ALL_TOOLS = [
+    // v1.0.0 tools
+    deploy_js_1.deployWalletTool,
+    wallet_js_1.getWalletInfoTool,
+    payments_js_1.sendPaymentTool,
+    wallet_js_2.checkSpendLimitTool,
+    wallet_js_3.queueApprovalTool,
+    x402_js_1.x402PayTool,
+    history_js_1.getTransactionHistoryTool,
+    // v1.1.0 — x402 V2 session tools
+    session_js_1.x402SessionStartTool,
+    session_js_1.x402SessionFetchTool,
+    session_js_1.x402SessionStatusTool,
+    session_js_1.x402SessionEndTool,
+];
+// ─── Server initialization ─────────────────────────────────────────────────
+const server = new index_js_1.Server(SERVER_INFO, {
+    capabilities: SERVER_CAPABILITIES,
+});
+// ─── List tools handler ────────────────────────────────────────────────────
+server.setRequestHandler(types_js_1.ListToolsRequestSchema, async () => {
+    return {
+        tools: ALL_TOOLS,
+    };
+});
+// ─── Call tool handler ─────────────────────────────────────────────────────
+server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    try {
+        switch (name) {
+            // ── v1.0.0 tools ──────────────────────────────────────────────────
+            case 'deploy_wallet': {
+                const input = deploy_js_1.DeployWalletSchema.parse(args);
+                return (0, deploy_js_1.handleDeployWallet)(input);
+            }
+            case 'get_wallet_info': {
+                const input = wallet_js_1.GetWalletInfoSchema.parse(args ?? {});
+                return (0, wallet_js_1.handleGetWalletInfo)(input);
+            }
+            case 'send_payment': {
+                const input = payments_js_1.SendPaymentSchema.parse(args);
+                return (0, payments_js_1.handleSendPayment)(input);
+            }
+            case 'check_spend_limit': {
+                const input = wallet_js_2.CheckSpendLimitSchema.parse(args);
+                return (0, wallet_js_2.handleCheckSpendLimit)(input);
+            }
+            case 'queue_approval': {
+                const input = wallet_js_3.QueueApprovalSchema.parse(args);
+                return (0, wallet_js_3.handleQueueApproval)(input);
+            }
+            case 'x402_pay': {
+                const input = x402_js_1.X402PaySchema.parse(args);
+                return (0, x402_js_1.handleX402Pay)(input);
+            }
+            case 'get_transaction_history': {
+                const input = history_js_1.GetTransactionHistorySchema.parse(args ?? {});
+                return (0, history_js_1.handleGetTransactionHistory)(input);
+            }
+            // ── v1.1.0 — x402 V2 session tools ───────────────────────────────
+            case 'x402_session_start': {
+                const input = session_js_1.X402SessionStartSchema.parse(args);
+                return (0, session_js_1.handleX402SessionStart)(input);
+            }
+            case 'x402_session_fetch': {
+                const input = session_js_1.X402SessionFetchSchema.parse(args);
+                return (0, session_js_1.handleX402SessionFetch)(input);
+            }
+            case 'x402_session_status': {
+                const input = session_js_1.X402SessionStatusSchema.parse(args ?? {});
+                return (0, session_js_1.handleX402SessionStatus)(input);
+            }
+            case 'x402_session_end': {
+                const input = session_js_1.X402SessionEndSchema.parse(args);
+                return (0, session_js_1.handleX402SessionEnd)(input);
+            }
+            default:
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `❌ Unknown tool: "${name}". Available tools: ${ALL_TOOLS.map(t => t.name).join(', ')}`,
+                        },
+                    ],
+                    isError: true,
+                };
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: `❌ Tool "${name}" failed: ${message}`,
+                },
+            ],
+            isError: true,
+        };
+    }
+});
+// ─── Start server ──────────────────────────────────────────────────────────
+async function main() {
+    const transport = new stdio_js_1.StdioServerTransport();
+    // Graceful shutdown
+    process.on('SIGINT', async () => {
+        await server.close();
+        process.exit(0);
+    });
+    process.on('SIGTERM', async () => {
+        await server.close();
+        process.exit(0);
+    });
+    await server.connect(transport);
+    // Log to stderr (not stdout — stdout is reserved for MCP protocol)
+    process.stderr.write(`AgentPay MCP v1.1.0 started. ` +
+        `Wallet: ${process.env['AGENT_WALLET_ADDRESS'] ?? '(not configured)'} | ` +
+        `Chain: ${process.env['CHAIN_ID'] ?? '8453 (Base Mainnet)'} | ` +
+        `Session TTL: ${process.env['SESSION_TTL_SECONDS'] ?? '3600'}s\n`);
+}
+main().catch((error) => {
+    const msg = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`Fatal error starting AgentPay MCP: ${msg}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA;;;;;;;;;;;;;;GAcG;AACH,wEAAmE;AACnE,wEAAiF;AACjF,iEAI4C;AAE5C,8EAA8E;AAE9E,iDAA6F;AAC7F,iDAAgG;AAChG,iDAAsG;AACtG,iDAAgG;AAChG,qDAA4F;AAC5F,6CAA4E;AAC5E,mDAAyH;AAEzH,6EAA6E;AAE7E,mDAa4B;AAE5B,8EAA8E;AAE9E,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,OAAO;CACjB,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,KAAK,EAAE,EAAE;CACV,CAAC;AAEF,8EAA8E;AAE9E,MAAM,SAAS,GAAG;IAChB,eAAe;IACf,4BAAgB;IAChB,6BAAiB;IACjB,6BAAe;IACf,+BAAmB;IACnB,6BAAiB;IACjB,qBAAW;IACX,sCAAyB;IACzB,iCAAiC;IACjC,iCAAoB;IACpB,iCAAoB;IACpB,kCAAqB;IACrB,+BAAkB;CACnB,CAAC;AAEF,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAC,WAAW,EAAE;IACrC,YAAY,EAAE,mBAAmB;CAClC,CAAC,CAAC;AAEH,8EAA8E;AAE9E,MAAM,CAAC,iBAAiB,CAAC,iCAAsB,EAAE,KAAK,IAAI,EAAE;IAC1D,OAAO;QACL,KAAK,EAAE,SAAS;KACjB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAE9E,MAAM,CAAC,iBAAiB,CAAC,gCAAqB,EAAE,KAAK,EAAE,OAAwB,EAAE,EAAE;IACjF,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAEjD,IAAI,CAAC;QACH,QAAQ,IAAI,EAAE,CAAC;YACb,qEAAqE;YAErE,KAAK,eAAe,CAAC,CAAC,CAAC;gBACrB,MAAM,KAAK,GAAG,8BAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC7C,OAAO,IAAA,8BAAkB,EAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,MAAM,KAAK,GAAG,+BAAmB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAA,+BAAmB,EAAC,KAAK,CAAC,CAAC;YACpC,CAAC;YAED,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,MAAM,KAAK,GAAG,+BAAiB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC5C,OAAO,IAAA,+BAAiB,EAAC,KAAK,CAAC,CAAC;YAClC,CAAC;YAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;gBACzB,MAAM,KAAK,GAAG,iCAAqB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChD,OAAO,IAAA,iCAAqB,EAAC,KAAK,CAAC,CAAC;YACtC,CAAC;YAED,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,MAAM,KAAK,GAAG,+BAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC9C,OAAO,IAAA,+BAAmB,EAAC,KAAK,CAAC,CAAC;YACpC,CAAC;YAED,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,KAAK,GAAG,uBAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACxC,OAAO,IAAA,uBAAa,EAAC,KAAK,CAAC,CAAC;YAC9B,CAAC;YAED,KAAK,yBAAyB,CAAC,CAAC,CAAC;gBAC/B,MAAM,KAAK,GAAG,wCAA2B,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC5D,OAAO,IAAA,wCAA2B,EAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAED,oEAAoE;YAEpE,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,MAAM,KAAK,GAAG,mCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACjD,OAAO,IAAA,mCAAsB,EAAC,KAAK,CAAC,CAAC;YACvC,CAAC;YAED,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,MAAM,KAAK,GAAG,mCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACjD,OAAO,IAAA,mCAAsB,EAAC,KAAK,CAAC,CAAC;YACvC,CAAC;YAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;gBAC3B,MAAM,KAAK,GAAG,oCAAuB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;gBACxD,OAAO,IAAA,oCAAuB,EAAC,KAAK,CAAC,CAAC;YACxC,CAAC;YAED,KAAK,kBAAkB,CAAC,CAAC,CAAC;gBACxB,MAAM,KAAK,GAAG,iCAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC/C,OAAO,IAAA,iCAAoB,EAAC,KAAK,CAAC,CAAC;YACrC,CAAC;YAED;gBACE,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,oBAAoB,IAAI,uBAAuB,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBAC7F;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;QACN,CAAC;IACH,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,WAAW,IAAI,aAAa,OAAO,EAAE;iBAC5C;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAE7C,oBAAoB;IACpB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,mEAAmE;IACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,+BAA+B;QAC/B,WAAW,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,kBAAkB,KAAK;QACzE,UAAU,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,qBAAqB,KAAK;QAC/D,gBAAgB,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,MAAM,KAAK,CAClE,CAAC;AACJ,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,IAAI,CAAC,CAAC;IACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/session/manager.d.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * session/manager.ts — x402 V2 session lifecycle management.
+ *
+ * This module implements the "wallet-based access & reusable sessions" concept
+ * introduced in x402 V2. Agents pay once to establish a cryptographically
+ * authenticated session, then make N subsequent calls without additional
+ * on-chain transactions.
+ *
+ * Non-custodial design:
+ *   - Session tokens are signed locally by the agent's private key
+ *   - No third party holds or validates keys
+ *   - Servers receive a self-contained signed token they can independently verify
+ *   - The SessionManager has zero knowledge of private keys; it only receives
+ *     a signMessage callback injected at creation time
+ *
+ * Token format:
+ *   X-Session-Token: <base64url(JSON payload)>.<hex signature>
+ *   Compatible with x402 V2 SIGN-IN-WITH-X (SIWx) header pattern
+ *   Servers can ecrecover the wallet address without any external service
+ */
+import type { SessionRecord, SessionTokenPayload, CreateSessionOptions, SessionLookupResult } from './types.js';
+/**
+ * HTTP header name for session tokens.
+ * x402 V2 uses modernised header names (no X- prefix per IETF conventions
+ * for new standard headers). We use PAYMENT-SESSION for the session token
+ * and retain X-Session-Token as an alias for broad compatibility.
+ */
+export declare const SESSION_TOKEN_HEADER = "X-Session-Token";
+export declare const SESSION_WALLET_HEADER = "X-Session-Wallet";
+export declare const PAYMENT_SESSION_HEADER = "PAYMENT-SESSION";
+/**
+ * Create a new session after a successful x402 payment.
+ *
+ * Signs a canonical token payload with the agent's private key, creating
+ * a self-verifiable session token that servers can use to grant access
+ * without requiring a new on-chain payment.
+ */
+export declare function createSession(opts: CreateSessionOptions): Promise<SessionRecord>;
+/**
+ * Look up a session by ID.
+ * Returns the record and whether it has expired.
+ */
+export declare function lookupSession(sessionId: string): SessionLookupResult;
+/**
+ * Record a call made within a session.
+ * Updates callCount and lastUsedAt in-place.
+ */
+export declare function recordSessionCall(sessionId: string): void;
+/**
+ * Explicitly end a session (mark as expired by setting expiresAt to past).
+ * Returns true if the session was found and ended.
+ */
+export declare function endSession(sessionId: string): boolean;
+/**
+ * List all active (non-expired) sessions.
+ */
+export declare function listActiveSessions(): SessionRecord[];
+/**
+ * List all sessions (including expired).
+ */
+export declare function listAllSessions(): SessionRecord[];
+/**
+ * Find the best matching active session for a given URL.
+ * Prefers exact-scope matches over prefix-scope.
+ * Used to auto-attach a session to x402_pay when available.
+ */
+export declare function findSessionForUrl(url: string): SessionRecord | undefined;
+/**
+ * Build the HTTP headers to include in a session-authenticated request.
+ * These headers are inspired by x402 V2's SIGN-IN-WITH-X (SIWx) pattern
+ * and the PAYMENT-SESSION header spec.
+ */
+export declare function buildSessionHeaders(session: SessionRecord): Record<string, string>;
+/**
+ * Decode a session token string into its payload and signature.
+ * Useful for display / debugging purposes.
+ */
+export declare function decodeSessionToken(token: string): {
+    payload: SessionTokenPayload;
+    signature: string;
+} | null;
+/**
+ * Get total sessions count (active + expired).
+ */
+export declare function getStoreSize(): number;
+/**
+ * Clear all sessions — for testing only.
+ */
+export declare function _clearAllSessions(): void;
+//# sourceMappingURL=manager.d.ts.map

package/dist/session/manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,KAAK,EACV,aAAa,EACb,mBAAmB,EACnB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAOpB;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AACtD,eAAO,MAAM,qBAAqB,qBAAqB,CAAC;AACxD,eAAO,MAAM,sBAAsB,oBAAoB,CAAC;AAexD;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,aAAa,CAAC,CAkDtF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,mBAAmB,CAQpE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAQzD;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAQrD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,aAAa,EAAE,CAIpD;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,aAAa,EAAE,CAEjD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAexE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAMlF;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;IACjD,OAAO,EAAE,mBAAmB,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,IAAI,CAcP;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAExC"}

package/dist/session/manager.js ADDED Viewed

@@ -0,0 +1,262 @@
+"use strict";
+/**
+ * session/manager.ts — x402 V2 session lifecycle management.
+ *
+ * This module implements the "wallet-based access & reusable sessions" concept
+ * introduced in x402 V2. Agents pay once to establish a cryptographically
+ * authenticated session, then make N subsequent calls without additional
+ * on-chain transactions.
+ *
+ * Non-custodial design:
+ *   - Session tokens are signed locally by the agent's private key
+ *   - No third party holds or validates keys
+ *   - Servers receive a self-contained signed token they can independently verify
+ *   - The SessionManager has zero knowledge of private keys; it only receives
+ *     a signMessage callback injected at creation time
+ *
+ * Token format:
+ *   X-Session-Token: <base64url(JSON payload)>.<hex signature>
+ *   Compatible with x402 V2 SIGN-IN-WITH-X (SIWx) header pattern
+ *   Servers can ecrecover the wallet address without any external service
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PAYMENT_SESSION_HEADER = exports.SESSION_WALLET_HEADER = exports.SESSION_TOKEN_HEADER = void 0;
+exports.createSession = createSession;
+exports.lookupSession = lookupSession;
+exports.recordSessionCall = recordSessionCall;
+exports.endSession = endSession;
+exports.listActiveSessions = listActiveSessions;
+exports.listAllSessions = listAllSessions;
+exports.findSessionForUrl = findSessionForUrl;
+exports.buildSessionHeaders = buildSessionHeaders;
+exports.decodeSessionToken = decodeSessionToken;
+exports.getStoreSize = getStoreSize;
+exports._clearAllSessions = _clearAllSessions;
+const crypto_1 = require("crypto");
+// ─── Constants ─────────────────────────────────────────────────────────────
+/** Default session TTL in seconds (1 hour) */
+const DEFAULT_TTL_SECONDS = 3600;
+/**
+ * HTTP header name for session tokens.
+ * x402 V2 uses modernised header names (no X- prefix per IETF conventions
+ * for new standard headers). We use PAYMENT-SESSION for the session token
+ * and retain X-Session-Token as an alias for broad compatibility.
+ */
+exports.SESSION_TOKEN_HEADER = 'X-Session-Token';
+exports.SESSION_WALLET_HEADER = 'X-Session-Wallet';
+exports.PAYMENT_SESSION_HEADER = 'PAYMENT-SESSION';
+// ─── Session store ─────────────────────────────────────────────────────────
+/**
+ * In-memory session store. Sessions survive within the MCP server process
+ * lifetime (typically as long as the AI client has the server running).
+ *
+ * Key: sessionId (UUIDv4)
+ * Value: SessionRecord
+ */
+const store = new Map();
+// ─── Public API ────────────────────────────────────────────────────────────
+/**
+ * Create a new session after a successful x402 payment.
+ *
+ * Signs a canonical token payload with the agent's private key, creating
+ * a self-verifiable session token that servers can use to grant access
+ * without requiring a new on-chain payment.
+ */
+async function createSession(opts) {
+    const sessionId = (0, crypto_1.randomUUID)();
+    const now = Math.floor(Date.now() / 1000);
+    const ttl = opts.ttlSeconds ?? parseTtlFromEnv();
+    const expiresAt = now + ttl;
+    const payload = {
+        version: 'clawpay/1.1',
+        sessionId,
+        walletAddress: opts.walletAddress,
+        endpoint: opts.endpoint,
+        scope: opts.scope ?? 'prefix',
+        createdAt: now,
+        expiresAt,
+        paymentTxHash: opts.paymentTxHash,
+        paymentAmount: opts.paymentAmount.toString(),
+    };
+    // Deterministic canonical JSON (keys sorted alphabetically)
+    const canonicalPayload = canonicalise(payload);
+    const payloadB64 = Buffer.from(canonicalPayload).toString('base64url');
+    // Sign with agent's private key — non-custodial, local only
+    const signature = await opts.signMessage(canonicalPayload);
+    // Combined token: base64url(payload).hexSignature
+    const sessionToken = `${payloadB64}.${signature}`;
+    const record = {
+        sessionId,
+        endpoint: opts.endpoint,
+        scope: opts.scope ?? 'prefix',
+        walletAddress: opts.walletAddress,
+        createdAt: now,
+        expiresAt,
+        paymentTxHash: opts.paymentTxHash,
+        paymentAmount: opts.paymentAmount.toString(),
+        paymentToken: opts.paymentToken,
+        paymentRecipient: opts.paymentRecipient,
+        sessionToken,
+        signature,
+        label: opts.label,
+        callCount: 0,
+        lastUsedAt: now,
+    };
+    store.set(sessionId, record);
+    pruneExpired();
+    return record;
+}
+/**
+ * Look up a session by ID.
+ * Returns the record and whether it has expired.
+ */
+function lookupSession(sessionId) {
+    const session = store.get(sessionId);
+    if (!session)
+        return { found: false };
+    const now = Math.floor(Date.now() / 1000);
+    const expired = now >= session.expiresAt;
+    return { found: true, session, expired };
+}
+/**
+ * Record a call made within a session.
+ * Updates callCount and lastUsedAt in-place.
+ */
+function recordSessionCall(sessionId) {
+    const session = store.get(sessionId);
+    if (!session)
+        return;
+    // Mutate callCount and lastUsedAt (the only mutable fields)
+    const mutable = session;
+    mutable.callCount += 1;
+    mutable.lastUsedAt = Math.floor(Date.now() / 1000);
+}
+/**
+ * Explicitly end a session (mark as expired by setting expiresAt to past).
+ * Returns true if the session was found and ended.
+ */
+function endSession(sessionId) {
+    const session = store.get(sessionId);
+    if (!session)
+        return false;
+    // Force-expire it
+    const mutable = session;
+    mutable.expiresAt = 0;
+    return true;
+}
+/**
+ * List all active (non-expired) sessions.
+ */
+function listActiveSessions() {
+    pruneExpired();
+    const now = Math.floor(Date.now() / 1000);
+    return Array.from(store.values()).filter((s) => s.expiresAt > now);
+}
+/**
+ * List all sessions (including expired).
+ */
+function listAllSessions() {
+    return Array.from(store.values());
+}
+/**
+ * Find the best matching active session for a given URL.
+ * Prefers exact-scope matches over prefix-scope.
+ * Used to auto-attach a session to x402_pay when available.
+ */
+function findSessionForUrl(url) {
+    const now = Math.floor(Date.now() / 1000);
+    // Collect all valid sessions
+    const active = Array.from(store.values()).filter((s) => s.expiresAt > now);
+    // Try exact match first
+    const exact = active.find((s) => s.scope === 'exact' && s.endpoint === url);
+    if (exact)
+        return exact;
+    // Try prefix match
+    const prefix = active.find((s) => s.scope === 'prefix' && url.startsWith(s.endpoint));
+    if (prefix)
+        return prefix;
+    return undefined;
+}
+/**
+ * Build the HTTP headers to include in a session-authenticated request.
+ * These headers are inspired by x402 V2's SIGN-IN-WITH-X (SIWx) pattern
+ * and the PAYMENT-SESSION header spec.
+ */
+function buildSessionHeaders(session) {
+    return {
+        [exports.SESSION_TOKEN_HEADER]: session.sessionToken,
+        [exports.SESSION_WALLET_HEADER]: session.walletAddress,
+        [exports.PAYMENT_SESSION_HEADER]: session.sessionId,
+    };
+}
+/**
+ * Decode a session token string into its payload and signature.
+ * Useful for display / debugging purposes.
+ */
+function decodeSessionToken(token) {
+    const dotIdx = token.lastIndexOf('.');
+    if (dotIdx === -1)
+        return null;
+    const payloadB64 = token.slice(0, dotIdx);
+    const signature = token.slice(dotIdx + 1);
+    try {
+        const payloadJson = Buffer.from(payloadB64, 'base64url').toString('utf-8');
+        const payload = JSON.parse(payloadJson);
+        return { payload, signature };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Get total sessions count (active + expired).
+ */
+function getStoreSize() {
+    return store.size;
+}
+/**
+ * Clear all sessions — for testing only.
+ */
+function _clearAllSessions() {
+    store.clear();
+}
+// ─── Internal helpers ──────────────────────────────────────────────────────
+/**
+ * Produce a deterministic canonical JSON representation.
+ * Keys are sorted alphabetically to ensure signing is reproducible.
+ */
+function canonicalise(obj) {
+    const sorted = Object.keys(obj)
+        .sort()
+        .reduce((acc, key) => {
+        acc[key] = obj[key];
+        return acc;
+    }, {});
+    return JSON.stringify(sorted);
+}
+/**
+ * Remove expired sessions from the store.
+ * Called automatically on create and list operations.
+ */
+function pruneExpired() {
+    const now = Math.floor(Date.now() / 1000);
+    for (const [id, session] of store.entries()) {
+        if (session.expiresAt <= now) {
+            store.delete(id);
+        }
+    }
+}
+/**
+ * Parse session TTL from environment variable.
+ */
+function parseTtlFromEnv() {
+    const raw = process.env['SESSION_TTL_SECONDS'];
+    if (!raw)
+        return DEFAULT_TTL_SECONDS;
+    const parsed = parseInt(raw, 10);
+    if (isNaN(parsed) || parsed <= 0)
+        return DEFAULT_TTL_SECONDS;
+    // Cap at 30 days
+    return Math.min(parsed, 86400 * 30);
+}
+//# sourceMappingURL=manager.js.map

package/dist/session/manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;AA6CH,sCAkDC;AAMD,sCAQC;AAMD,8CAQC;AAMD,gCAQC;AAKD,gDAIC;AAKD,0CAEC;AAOD,8CAeC;AAOD,kDAMC;AAMD,gDAiBC;AAKD,oCAEC;AAKD,8CAEC;AA/ND,mCAAoC;AAQpC,8EAA8E;AAE9E,8CAA8C;AAC9C,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAEjC;;;;;GAKG;AACU,QAAA,oBAAoB,GAAG,iBAAiB,CAAC;AACzC,QAAA,qBAAqB,GAAG,kBAAkB,CAAC;AAC3C,QAAA,sBAAsB,GAAG,iBAAiB,CAAC;AAExD,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAC;AAE/C,8EAA8E;AAE9E;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,IAA0B;IAC5D,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,eAAe,EAAE,CAAC;IACjD,MAAM,SAAS,GAAG,GAAG,GAAG,GAAG,CAAC;IAE5B,MAAM,OAAO,GAAwB;QACnC,OAAO,EAAE,aAAa;QACtB,SAAS;QACT,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,QAAQ;QAC7B,SAAS,EAAE,GAAG;QACd,SAAS;QACT,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;KAC7C,CAAC;IAEF,4DAA4D;IAC5D,MAAM,gBAAgB,GAAG,YAAY,CAAC,OAA6C,CAAC,CAAC;IACrF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAEvE,4DAA4D;IAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAE3D,kDAAkD;IAClD,MAAM,YAAY,GAAG,GAAG,UAAU,IAAI,SAAS,EAAE,CAAC;IAElD,MAAM,MAAM,GAAkB;QAC5B,SAAS;QACT,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,QAAQ;QAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,SAAS,EAAE,GAAG;QACd,SAAS;QACT,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;QAC5C,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;QACvC,YAAY;QACZ,SAAS;QACT,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,SAAS,EAAE,CAAC;QACZ,UAAU,EAAE,GAAG;KAChB,CAAC;IAEF,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7B,YAAY,EAAE,CAAC;IAEf,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,SAAiB;IAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAEtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC;IAEzC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,SAAiB;IACjD,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,4DAA4D;IAC5D,MAAM,OAAO,GAAG,OAAoD,CAAC;IACrE,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;IACvB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,SAAiB;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,kBAAkB;IAClB,MAAM,OAAO,GAAG,OAAgC,CAAC;IACjD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,YAAY,EAAE,CAAC;IACf,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe;IAC7B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,6BAA6B;IAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;IAE3E,wBAAwB;IACxB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC;IAC5E,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IAExB,mBAAmB;IACnB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtF,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,OAAsB;IACxD,OAAO;QACL,CAAC,4BAAoB,CAAC,EAAE,OAAO,CAAC,YAAY;QAC5C,CAAC,6BAAqB,CAAC,EAAE,OAAO,CAAC,aAAa;QAC9C,CAAC,8BAAsB,CAAC,EAAE,OAAO,CAAC,SAAS;KAC5C,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,KAAa;IAI9C,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,MAAM,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAwB,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY;IAC1B,OAAO,KAAK,CAAC,IAAI,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB;IAC/B,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,YAAY,CAAC,GAA4B;IAChD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC5B,IAAI,EAAE;SACN,MAAM,CAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5C,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAE,CAAC,CAAC;IACT,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY;IACnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,IAAI,OAAO,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;YAC7B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/C,IAAI,CAAC,GAAG;QAAE,OAAO,mBAAmB,CAAC;IACrC,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAC7D,iBAAiB;IACjB,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC;AACtC,CAAC"}

package/dist/session/types.d.ts ADDED Viewed

@@ -0,0 +1,113 @@
+/**
+ * session/types.ts — Type definitions for x402 V2 session management.
+ *
+ * x402 V2 introduced the concept of "wallet-based access & reusable sessions":
+ * agents pay once to establish a session, then skip on-chain payment on every
+ * subsequent call within that session. This module defines the data structures
+ * that AgentPay MCP uses to implement this pattern non-custodially.
+ *
+ * Reference: https://www.x402.org/writing/x402-v2-launch
+ *   "V2 protocol now includes the logic to support wallet-controlled sessions,
+ *    allowing clients to skip the full payment flow for repeated access if the
+ *    resource was previously purchased."
+ */
+export interface SessionRecord {
+    /** Unique session identifier (UUIDv4) */
+    readonly sessionId: string;
+    /**
+     * Base URL this session covers.
+     * All requests to URLs matching this prefix (or exact URL) are included.
+     */
+    readonly endpoint: string;
+    /**
+     * Scope of the session:
+     *  - "prefix": covers all paths under the endpoint (e.g., all of api.example.com/v1/*)
+     *  - "exact":  covers only the single URL that was paid for
+     */
+    readonly scope: 'prefix' | 'exact';
+    /** Wallet address that owns this session (from AGENT_WALLET_ADDRESS) */
+    readonly walletAddress: string;
+    /** Unix timestamp (seconds) when the session was created */
+    readonly createdAt: number;
+    /** Unix timestamp (seconds) when the session expires */
+    readonly expiresAt: number;
+    /** On-chain transaction hash of the initial session payment */
+    readonly paymentTxHash: string;
+    /** Amount paid (in base units / wei) as a string-encoded bigint */
+    readonly paymentAmount: string;
+    /** Token address that was paid (zero address = native ETH) */
+    readonly paymentToken: string;
+    /** Recipient address of the initial payment */
+    readonly paymentRecipient: string;
+    /**
+     * Cryptographic session token.
+     * Base64url-encoded JSON payload signed by the agent's private key using
+     * secp256k1 ECDSA (viem signMessage). Presented to servers as the
+     * X-Session-Token header — compatible with x402 V2's SIGN-IN-WITH-X pattern.
+     */
+    readonly sessionToken: string;
+    /**
+     * ECDSA signature over the token payload.
+     * Servers can verify ownership of walletAddress without any custody.
+     */
+    readonly signature: string;
+    /**
+     * Human-readable label for this session (optional, set by caller).
+     */
+    readonly label?: string;
+    /** Number of requests made within this session */
+    callCount: number;
+    /** Last request timestamp (Unix seconds) */
+    lastUsedAt: number;
+}
+/**
+ * Canonical payload signed by the agent wallet.
+ * This is serialised to a deterministic JSON string before signing.
+ * Servers that implement x402 V2 session verification can reconstruct this
+ * and call `ecrecover` / viem's `verifyMessage` to confirm wallet identity.
+ */
+export interface SessionTokenPayload {
+    /** Protocol version marker */
+    version: 'clawpay/1.1';
+    sessionId: string;
+    walletAddress: string;
+    endpoint: string;
+    scope: 'prefix' | 'exact';
+    createdAt: number;
+    expiresAt: number;
+    paymentTxHash: string;
+    paymentAmount: string;
+}
+export interface CreateSessionOptions {
+    endpoint: string;
+    scope?: 'prefix' | 'exact';
+    ttlSeconds?: number;
+    label?: string;
+    paymentTxHash: string;
+    paymentAmount: bigint;
+    paymentToken: string;
+    paymentRecipient: string;
+    walletAddress: string;
+    /** viem signMessage function — must match walletAddress */
+    signMessage: (message: string) => Promise<string>;
+}
+export type SessionLookupResult = {
+    found: true;
+    session: SessionRecord;
+    expired: false;
+} | {
+    found: true;
+    session: SessionRecord;
+    expired: true;
+} | {
+    found: false;
+};
+export interface SessionFetchOptions {
+    sessionId: string;
+    url: string;
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    headers?: Record<string, string>;
+    body?: string;
+    timeoutMs?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/session/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/session/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,MAAM,WAAW,aAAa;IAC5B,yCAAyC;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC;IAEnC,wEAAwE;IACxE,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAE/B,4DAA4D;IAC5D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,wDAAwD;IACxD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,+DAA+D;IAC/D,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAE/B,mEAAmE;IACnE,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAE/B,8DAA8D;IAC9D,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAE9B,+CAA+C;IAC/C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAElC;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAE9B;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAExB,kDAAkD;IAClD,SAAS,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,8BAA8B;IAC9B,OAAO,EAAE,aAAa,CAAC;IAEvB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB;AAID,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,2DAA2D;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACnD;AAID,MAAM,MAAM,mBAAmB,GAC3B;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC;IAAC,OAAO,EAAE,KAAK,CAAA;CAAE,GACvD;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACtD;IAAE,KAAK,EAAE,KAAK,CAAA;CAAE,CAAC;AAIrB,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,CAAC;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}