agentpay-mcp 4.1.1 → 4.1.4

package/dist/tools/x402.js.map

@@ -1 +1 @@
-{"version":3,"file":"x402.js","sourceRoot":"","sources":["../../src/tools/x402.ts"],"names":[],"mappings":";;;AAyHA,sCAkLC;AA3SD;;;;;;;;;GASG;AACH,6BAAwB;AACxB,qDAAmD;AACnD,kDAA0D;AAC1D,kDAAyE;AACzE,6CAAsE;AACtE,sDAA0D;AAE1D,8EAA8E;AAEjE,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,GAAG,EAAE,OAAC;SACH,MAAM,EAAE;SACR,GAAG,EAAE;SACL,QAAQ,CAAC,yEAAyE,CAAC;IACtF,MAAM,EAAE,OAAC;SACN,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;SAC/C,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,4BAA4B,CAAC;IACzC,OAAO,EAAE,OAAC;SACP,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SAClB,QAAQ,EAAE;SACV,QAAQ,CAAC,oDAAoD,CAAC;IACjE,IAAI,EAAE,OAAC;SACJ,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,mEAAmE,CAAC;IAChF,eAAe,EAAE,OAAC;SACf,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CACP,kDAAkD;QAClD,2DAA2D;QAC3D,mCAAmC,CACpC;IACH,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,IAAI,CAAC;SACT,GAAG,CAAC,KAAK,CAAC;SACV,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,8DAA8D,CAAC;IAC3E,kBAAkB,EAAE,OAAC;SAClB,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CACP,oEAAoE;QACpE,oEAAoE;QACpE,wEAAwE,CACzE;CACJ,CAAC,CAAC;AAIH,8EAA8E;AAEjE,QAAA,WAAW,GAAG;IACzB,IAAI,EAAE,UAAU;IAChB,WAAW,EACT,4EAA4E;QAC5E,kFAAkF;QAClF,8CAA8C;QAC9C,+EAA+E;QAC/E,4FAA4F;QAC5F,gDAAgD;QAChD,mFAAmF;IACrF,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,GAAG,EAAE;gBACH,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6DAA6D;aAC3E;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;gBAC/C,WAAW,EAAE,4BAA4B;gBACzC,OAAO,EAAE,KAAK;aACf;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACxC,WAAW,EAAE,4BAA4B;aAC1C;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;aACxD;YACD,eAAe,EAAE;gBACf,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,2CAA2C;aACzD;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;gBACvD,OAAO,EAAE,KAAK;aACf;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,4DAA4D;gBACzE,OAAO,EAAE,KAAK;aACf;SACF;QACD,QAAQ,EAAE,CAAC,KAAK,CAAC;KAClB;CACF,CAAC;AAEF,8EAA8E;AAEvE,KAAK,UAAU,aAAa,CACjC,KAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC;QAE5C,uEAAuE;QACvE,kEAAkE;QAClE,wEAAwE;QACxE,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;YAC9B,MAAM,aAAa,GAAG,IAAA,8BAAiB,EAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,cAAc,GAAG,IAAA,gCAAmB,EAAC,aAAa,CAAC,CAAC;gBAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC;gBACrC,MAAM,aAAa,GAA2B;oBAC5C,QAAQ,EAAE,mCAAmC;oBAC7C,GAAG,cAAc;oBACjB,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;iBACzB,CAAC;gBAEF,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5D,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;wBACnC,aAAa,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;oBACrD,CAAC;gBACH,CAAC;gBAED,MAAM,WAAW,GAAgB;oBAC/B,MAAM;oBACN,OAAO,EAAE,aAAa;oBACtB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC3C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;iBACvC,CAAC;gBAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;gBAErD,iEAAiE;gBACjE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBAC3C,IAAA,8BAAiB,EAAC,aAAa,CAAC,SAAS,CAAC,CAAC;oBAE3C,MAAM,OAAO,GAAG,IAAI,CAAC;oBACrB,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,GAAG,OAAO,CAAC;oBAChD,MAAM,WAAW,GAAG,SAAS;wBAC3B,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,8BAA8B;wBACjE,CAAC,CAAC,YAAY,CAAC;oBAEjB,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;oBAE7E,IAAI,GAAG,GAAG,wCAAwC,CAAC;oBACnD,GAAG,IAAI,iBAAiB,KAAK,CAAC,GAAG,IAAI,CAAC;oBACtC,GAAG,IAAI,iBAAiB,MAAM,IAAI,CAAC;oBACnC,GAAG,IAAI,iBAAiB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC;oBACnE,GAAG,IAAI,iBAAiB,IAAA,qBAAS,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;oBACtD,GAAG,IAAI,sCAAsC,CAAC;oBAC9C,GAAG,IAAI,iBAAiB,aAAa,CAAC,SAAS,IAAI,CAAC;oBACpD,IAAI,aAAa,CAAC,KAAK;wBAAE,GAAG,IAAI,iBAAiB,aAAa,CAAC,KAAK,IAAI,CAAC;oBACzE,GAAG,IAAI,iBAAiB,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,eAAe,CAAC;oBACpE,GAAG,IAAI,iBAAiB,aAAa,CAAC,SAAS,IAAI,CAAC;oBACpD,GAAG,IAAI,0BAA0B,CAAC;oBAClC,GAAG,IAAI,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;oBAEvC,OAAO,EAAE,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACzC,CAAC;gBAED,wEAAwE;gBACxE,8CAA8C;YAChD,CAAC;QACH,CAAC;QAED,yEAAyE;QAEzE,iCAAiC;QACjC,IAAI,aAAiC,CAAC;QACtC,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC9C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,CAAC,eAAe,GAAG,CAAC,CAAC;YACzE,CAAC;YACD,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC;QACjD,CAAC;QAED,uBAAuB;QACvB,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,IAAI,aAAa,GAAG,EAAE,CAAC;QACvB,IAAI,aAAa,GAAG,EAAE,CAAC;QACvB,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAE1B,0CAA0C;QAC1C,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,MAAM,EAAE;YAC1C,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,CAAC;YACb,+CAA+C;YAC/C,mBAAmB,EAAE,aAAa;YAClC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAClC,IAAI,aAAa,IAAI,MAAM,GAAG,aAAa,EAAE,CAAC;oBAC5C,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,oCAAoC;wBAC/D,IAAI,aAAa,UAAU,KAAK,CAAC,eAAe,SAAS;wBACzD,2DAA2D,CAC5D,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,WAAW,GAAG,IAAI,CAAC;gBACnB,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC3B,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC3B,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC;YACnC,CAAC;SACF,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC;QACrC,MAAM,OAAO,GAA2B;YACtC,QAAQ,EAAE,mCAAmC;YAC7C,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;SACzB,CAAC;QAEF,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAgB;YAC/B,MAAM;YACN,OAAO;YACP,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;SACvC,CAAC;QAEF,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChE,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3C,gDAAgD;QAChD,MAAM,gBAAgB,GAAG,IAAI,CAAC;QAC9B,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,GAAG,gBAAgB,CAAC;QACzD,MAAM,WAAW,GAAG,SAAS;YAC3B,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG,8BAA8B;YAC1E,CAAC,CAAC,YAAY,CAAC;QAEjB,IAAI,GAAG,GAAG,8BAA8B,CAAC;QACzC,GAAG,IAAI,cAAc,KAAK,CAAC,GAAG,IAAI,CAAC;QACnC,GAAG,IAAI,cAAc,MAAM,IAAI,CAAC;QAChC,GAAG,IAAI,cAAc,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC;QAChE,GAAG,IAAI,cAAc,IAAA,qBAAS,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;QAEnD,IAAI,WAAW,EAAE,CAAC;YAChB,GAAG,IAAI,yBAAyB,CAAC;YACjC,GAAG,IAAI,gBAAgB,aAAa,CAAC,QAAQ,EAAE,iBAAiB,CAAC;YACjE,GAAG,IAAI,gBAAgB,gBAAgB,IAAI,CAAC;YAC5C,GAAG,IAAI,gBAAgB,aAAa,IAAI,CAAC;YACzC,GAAG,IAAI,0FAA0F,CAAC;QACpG,CAAC;aAAM,CAAC;YACN,GAAG,IAAI,2BAA2B,CAAC;QACrC,CAAC;QAED,GAAG,IAAI,0BAA0B,CAAC;QAClC,GAAG,IAAI,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;QAEvC,OAAO,EAAE,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC,EAAE,CAAC;IACzC,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,iCAAiC;QACjC,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,8CAA8C,KAAK,CAAC,UAAU,IAAI,KAAK,IAAI,CAAC,CAAC;gBACnG,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,IAAA,uBAAW,EAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"x402.js","sourceRoot":"","sources":["../../src/tools/x402.ts"],"names":[],"mappings":";;;AA4MA,sCA0LC;AAtYD;;;;;;;;;GASG;AACH,6BAAwB;AACxB,qDAAmD;AACnD,kDAA0D;AAC1D,kDAAyE;AACzE,gEAImC;AACnC,6CAAsE;AACtE,sDAA0D;AAe1D,SAAS,8BAA8B,CAAC,WAA0B;IAChE,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAwB,CAAC;QAC1D,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,4BAA4B,CAAC,YAAoB;IACxD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAwB,CAAC;QAC/D,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,KAAmB,EACnB,QAAkB,EAClB,YAAoB,EACpB,OAAe;IAEf,MAAM,YAAY,GAChB,8BAA8B,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACxE,8BAA8B,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAC1E,4BAA4B,CAAC,YAAY,CAAC,CAAC;IAE7C,MAAM,iBAAiB,GAAG,IAAA,gDAA6B,EAAC,OAAO,CAAC,CAAC;IACjE,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAChC,IAAI,GAAG,CAAC,CAAC,YAAY,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAqB,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAC1H,CAAC;IACF,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAC/B,IAAI,GAAG,CAAC,CAAC,YAAY,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAoB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CACtH,CAAC;IACF,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,oCAAiB,CAAC,CAAC;IAE5D,IAAI,GAAG,GAAG,gEAAgE,CAAC;IAC3E,GAAG,IAAI,gBAAgB,KAAK,CAAC,GAAG,IAAI,CAAC;IACrC,GAAG,IAAI,gBAAgB,KAAK,CAAC,MAAM,IAAI,KAAK,IAAI,CAAC;IACjD,GAAG,IAAI,gBAAgB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC;IAClE,GAAG,IAAI,gBAAgB,iBAAiB,IAAI,CAAC;IAC7C,GAAG,IAAI,gBAAgB,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,IAAI,CAAC;IACrG,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,IAAI,gBAAgB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACpF,GAAG,IAAI,+EAA+E;QACpF,yFAAyF,CAAC;IAE5F,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,IAAI,mFAAmF;YACxF,8FAA8F;YAC9F,gEAAgE,CAAC;IACrE,CAAC;IAED,GAAG,IAAI,iFAAiF;QACtF,4EAA4E,CAAC;IAC/E,GAAG,IAAI,8BAA8B,CAAC;IACtC,GAAG,IAAI,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC;IAEjH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAEjE,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,GAAG,EAAE,OAAC;SACH,MAAM,EAAE;SACR,GAAG,EAAE;SACL,QAAQ,CAAC,yEAAyE,CAAC;IACtF,MAAM,EAAE,OAAC;SACN,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;SAC/C,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,4BAA4B,CAAC;IACzC,OAAO,EAAE,OAAC;SACP,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SAClB,QAAQ,EAAE;SACV,QAAQ,CAAC,oDAAoD,CAAC;IACjE,IAAI,EAAE,OAAC;SACJ,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,mEAAmE,CAAC;IAChF,eAAe,EAAE,OAAC;SACf,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CACP,kDAAkD;QAClD,2DAA2D;QAC3D,mCAAmC,CACpC;IACH,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,IAAI,CAAC;SACT,GAAG,CAAC,KAAK,CAAC;SACV,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,8DAA8D,CAAC;IAC3E,kBAAkB,EAAE,OAAC;SAClB,OAAO,EAAE;SACT,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CACP,oEAAoE;QACpE,oEAAoE;QACpE,wEAAwE,CACzE;CACJ,CAAC,CAAC;AAIH,8EAA8E;AAEjE,QAAA,WAAW,GAAG;IACzB,IAAI,EAAE,UAAU;IAChB,WAAW,EACT,4EAA4E;QAC5E,kFAAkF;QAClF,8CAA8C;QAC9C,+EAA+E;QAC/E,4FAA4F;QAC5F,gDAAgD;QAChD,mFAAmF;IACrF,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,GAAG,EAAE;gBACH,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6DAA6D;aAC3E;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;gBAC/C,WAAW,EAAE,4BAA4B;gBACzC,OAAO,EAAE,KAAK;aACf;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACxC,WAAW,EAAE,4BAA4B;aAC1C;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;aACxD;YACD,eAAe,EAAE;gBACf,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,2CAA2C;aACzD;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;gBACvD,OAAO,EAAE,KAAK;aACf;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,4DAA4D;gBACzE,OAAO,EAAE,KAAK;aACf;SACF;QACD,QAAQ,EAAE,CAAC,KAAK,CAAC;KAClB;CACF,CAAC;AAEF,8EAA8E;AAEvE,KAAK,UAAU,aAAa,CACjC,KAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAA,qBAAS,GAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC;QAE5C,uEAAuE;QACvE,kEAAkE;QAClE,wEAAwE;QACxE,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;YAC9B,MAAM,aAAa,GAAG,IAAA,8BAAiB,EAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,cAAc,GAAG,IAAA,gCAAmB,EAAC,aAAa,CAAC,CAAC;gBAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC;gBACrC,MAAM,aAAa,GAA2B;oBAC5C,QAAQ,EAAE,mCAAmC;oBAC7C,GAAG,cAAc;oBACjB,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;iBACzB,CAAC;gBAEF,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5D,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;wBACnC,aAAa,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;oBACrD,CAAC;gBACH,CAAC;gBAED,MAAM,WAAW,GAAgB;oBAC/B,MAAM;oBACN,OAAO,EAAE,aAAa;oBACtB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC3C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;iBACvC,CAAC;gBAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;gBAErD,iEAAiE;gBACjE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBAC3C,IAAA,8BAAiB,EAAC,aAAa,CAAC,SAAS,CAAC,CAAC;oBAE3C,MAAM,OAAO,GAAG,IAAI,CAAC;oBACrB,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,GAAG,OAAO,CAAC;oBAChD,MAAM,WAAW,GAAG,SAAS;wBAC3B,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,8BAA8B;wBACjE,CAAC,CAAC,YAAY,CAAC;oBAEjB,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;oBAE7E,IAAI,GAAG,GAAG,wCAAwC,CAAC;oBACnD,GAAG,IAAI,iBAAiB,KAAK,CAAC,GAAG,IAAI,CAAC;oBACtC,GAAG,IAAI,iBAAiB,MAAM,IAAI,CAAC;oBACnC,GAAG,IAAI,iBAAiB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC;oBACnE,GAAG,IAAI,iBAAiB,IAAA,qBAAS,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;oBACtD,GAAG,IAAI,sCAAsC,CAAC;oBAC9C,GAAG,IAAI,iBAAiB,aAAa,CAAC,SAAS,IAAI,CAAC;oBACpD,IAAI,aAAa,CAAC,KAAK;wBAAE,GAAG,IAAI,iBAAiB,aAAa,CAAC,KAAK,IAAI,CAAC;oBACzE,GAAG,IAAI,iBAAiB,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,eAAe,CAAC;oBACpE,GAAG,IAAI,iBAAiB,aAAa,CAAC,SAAS,IAAI,CAAC;oBACpD,GAAG,IAAI,0BAA0B,CAAC;oBAClC,GAAG,IAAI,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;oBAEvC,OAAO,EAAE,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACzC,CAAC;gBAED,wEAAwE;gBACxE,8CAA8C;YAChD,CAAC;QACH,CAAC;QAED,yEAAyE;QAEzE,iCAAiC;QACjC,IAAI,aAAiC,CAAC;QACtC,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC9C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,CAAC,eAAe,GAAG,CAAC,CAAC;YACzE,CAAC;YACD,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC;QACjD,CAAC;QAED,uBAAuB;QACvB,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,IAAI,aAAa,GAAG,EAAE,CAAC;QACvB,IAAI,aAAa,GAAG,EAAE,CAAC;QACvB,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAE1B,0CAA0C;QAC1C,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,MAAM,EAAE;YAC1C,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,CAAC;YACb,iBAAiB,EAAE,IAAA,kDAA+B,EAAC,MAAM,CAAC,OAAO,CAAC;YAClE,+CAA+C;YAC/C,mBAAmB,EAAE,aAAa;YAClC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAClC,IAAI,aAAa,IAAI,MAAM,GAAG,aAAa,EAAE,CAAC;oBAC5C,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,oCAAoC;wBAC/D,IAAI,aAAa,UAAU,KAAK,CAAC,eAAe,SAAS;wBACzD,2DAA2D,CAC5D,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,WAAW,GAAG,IAAI,CAAC;gBACnB,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC3B,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC3B,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC;YACnC,CAAC;SACF,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC;QACrC,MAAM,OAAO,GAA2B;YACtC,QAAQ,EAAE,mCAAmC;YAC7C,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;SACzB,CAAC;QAEF,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAgB;YAC/B,MAAM;YACN,OAAO;YACP,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;SACvC,CAAC;QAEF,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChE,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3C,gDAAgD;QAChD,MAAM,gBAAgB,GAAG,IAAI,CAAC;QAC9B,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,GAAG,gBAAgB,CAAC;QACzD,MAAM,WAAW,GAAG,SAAS;YAC3B,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG,8BAA8B;YAC1E,CAAC,CAAC,YAAY,CAAC;QAEjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC5C,OAAO;gBACL,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,sBAAsB,CAAC,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;gBAC7F,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,GAAG,8BAA8B,CAAC;QACzC,GAAG,IAAI,cAAc,KAAK,CAAC,GAAG,IAAI,CAAC;QACnC,GAAG,IAAI,cAAc,MAAM,IAAI,CAAC;QAChC,GAAG,IAAI,cAAc,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC;QAChE,GAAG,IAAI,cAAc,IAAA,qBAAS,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;QAEnD,IAAI,WAAW,EAAE,CAAC;YAChB,GAAG,IAAI,yBAAyB,CAAC;YACjC,GAAG,IAAI,gBAAgB,aAAa,CAAC,QAAQ,EAAE,iBAAiB,CAAC;YACjE,GAAG,IAAI,gBAAgB,gBAAgB,IAAI,CAAC;YAC5C,GAAG,IAAI,gBAAgB,aAAa,IAAI,CAAC;YACzC,GAAG,IAAI,0FAA0F,CAAC;QACpG,CAAC;aAAM,CAAC;YACN,GAAG,IAAI,2BAA2B,CAAC;QACrC,CAAC;QAED,GAAG,IAAI,0BAA0B,CAAC;QAClC,GAAG,IAAI,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;QAEvC,OAAO,EAAE,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC,EAAE,CAAC;IACzC,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,iCAAiC;QACjC,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,8CAA8C,KAAK,CAAC,UAAU,IAAI,KAAK,IAAI,CAAC,CAAC;gBACnG,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,CAAC,IAAA,uBAAW,EAAC,IAAA,uBAAW,EAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/utils/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/utils/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAA4B,KAAK,OAAO,EAAc,MAAM,MAAM,CAAC;AAG1E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAqB/C,MAAM,WAAW,cAAc;IAC7B,qDAAqD;IACrD,eAAe,EAAE,KAAK,MAAM,EAAE,CAAC;IAC/B,sCAAsC;IACtC,aAAa,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,yDAAyD;IACzD,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAID;;;GAGG;AACH,wBAAgB,UAAU,IAAI,cAAc,CAiD3C;AAID,MAAM,MAAM,mBAAmB,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;AAElE;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,mBAAmB,CAyB7E;AAOD;;;GAGG;AACH,wBAAgB,SAAS,IAAI,cAAc,CAK1C;AAED;;;GAGG;AACH,wBAAgB,SAAS,IAAI,mBAAmB,CAK/C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAGvC"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/utils/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAA4B,KAAK,OAAO,EAAc,MAAM,MAAM,CAAC;AAG1E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAqB/C,MAAM,WAAW,cAAc;IAC7B,qDAAqD;IACrD,eAAe,EAAE,KAAK,MAAM,EAAE,CAAC;IAC/B,sCAAsC;IACtC,aAAa,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,yDAAyD;IACzD,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAID;;;GAGG;AACH,wBAAgB,UAAU,IAAI,cAAc,CA2D3C;AAID,MAAM,MAAM,mBAAmB,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;AAElE;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,mBAAmB,CAyB7E;AAOD;;;GAGG;AACH,wBAAgB,SAAS,IAAI,cAAc,CAK1C;AAED;;;GAGG;AACH,wBAAgB,SAAS,IAAI,mBAAmB,CAK/C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAGvC"}

package/dist/utils/client.js

@@ -48,7 +48,14 @@ function loadConfig() {
     if (!walletAddress.startsWith('0x') || walletAddress.length !== 42) {
         throw new Error('AGENT_WALLET_ADDRESS must be a 0x-prefixed 20-byte hex string (42 chars total).');
     }
-    const chainId = parseInt(process.env['CHAIN_ID'] ?? '8453', 10);
+    const chainIdRaw = process.env['CHAIN_ID'] ?? '8453';
+    if (!/^\d+$/.test(chainIdRaw)) {
+        throw new Error(`Unsupported CHAIN_ID: "${chainIdRaw}". AgentPay MCP currently supports ` +
+            '8453 (Base Mainnet) and 84532 (Base Sepolia) for x402 exact payments. ' +
+            'TVM/TON values such as "tvm:-3" are watch-only and fail closed until ' +
+            'AgentPay adds deliberate TVM signing, gas, jetton, wallet deployment, and settlement support.');
+    }
+    const chainId = parseInt(chainIdRaw, 10);
     if (!CHAIN_MAP[chainId]) {
         throw new Error(`Unsupported CHAIN_ID: ${chainId}. Supported values: 8453 (Base Mainnet), 84532 (Base Sepolia).`);
     }

package/dist/utils/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/utils/client.ts"],"names":[],"mappings":";;AAiDA,gCAiDC;AAUD,8CAyBC;AAWD,8BAKC;AAMD,8BAKC;AAKD,4CAGC;AAxKD;;;GAGG;AACH,+BAA0E;AAC1E,4CAAoD;AACpD,wCAAgD;AAChD,qDAA+C;AAE/C,8EAA8E;AAE9E,MAAM,SAAS,GAA0B;IACvC,IAAI,EAAE,aAAI;IACV,KAAK,EAAE,oBAAW;CACnB,CAAC;AAEF,MAAM,cAAc,GAA4C;IAC9D,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,cAAc;CACtB,CAAC;AAEF,MAAM,WAAW,GAA2B;IAC1C,IAAI,EAAE,0BAA0B;IAChC,KAAK,EAAE,0BAA0B;CAClC,CAAC;AAmBF,8EAA8E;AAE9E;;;GAGG;AACH,SAAgB,UAAU;IACxB,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE1D,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,sDAAsD;YACtD,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,yDAAyD;YACzD,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CACb,iFAAiF,CAClF,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAChE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,yBAAyB,OAAO,gEAAgE,CACjG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,IAAI,0BAA0B,CAAC;IAC5F,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAwB,CAAC;IAC7E,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAwB,CAAC;IAEtF,OAAO;QACL,eAAe,EAAE,eAAgC;QACjD,aAAa,EAAE,aAAwB;QACvC,OAAO;QACP,MAAM;QACN,cAAc;QACd,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAMD;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,MAAsB;IACtD,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,yBAAyB,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,8BAAmB,EAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAE5D,MAAM,YAAY,GAAG,IAAA,yBAAkB,EAAC;QACtC,OAAO;QACP,KAAK;QACL,SAAS,EAAE,IAAA,WAAI,EAAC,MAAM,CAAC,MAAM,CAAC;KAC/B,CAAC,CAAC;IAEH,OAAO,IAAA,8BAAY,EAAC;QAClB,cAAc,EAAE,MAAM,CAAC,aAAa;QACpC,KAAK,EAAE,SAAS;QAChB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAE9E,IAAI,OAAO,GAA0B,IAAI,CAAC;AAC1C,IAAI,OAAO,GAA+B,IAAI,CAAC;AAE/C;;;GAGG;AACH,SAAgB,SAAS;IACvB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,UAAU,EAAE,CAAC;IACzB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS;IACvB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,iBAAiB,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,OAAO,GAAG,IAAI,CAAC;IACf,OAAO,GAAG,IAAI,CAAC;AACjB,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/utils/client.ts"],"names":[],"mappings":";;AAiDA,gCA2DC;AAUD,8CAyBC;AAWD,8BAKC;AAMD,8BAKC;AAKD,4CAGC;AAlLD;;;GAGG;AACH,+BAA0E;AAC1E,4CAAoD;AACpD,wCAAgD;AAChD,qDAA+C;AAE/C,8EAA8E;AAE9E,MAAM,SAAS,GAA0B;IACvC,IAAI,EAAE,aAAI;IACV,KAAK,EAAE,oBAAW;CACnB,CAAC;AAEF,MAAM,cAAc,GAA4C;IAC9D,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,cAAc;CACtB,CAAC;AAEF,MAAM,WAAW,GAA2B;IAC1C,IAAI,EAAE,0BAA0B;IAChC,KAAK,EAAE,0BAA0B;CAClC,CAAC;AAmBF,8EAA8E;AAE9E;;;GAGG;AACH,SAAgB,UAAU;IACxB,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE1D,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,sDAAsD;YACtD,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,yDAAyD;YACzD,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CACb,iFAAiF,CAClF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC;IACrD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,0BAA0B,UAAU,qCAAqC;YACzE,wEAAwE;YACxE,uEAAuE;YACvE,+FAA+F,CAChG,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,yBAAyB,OAAO,gEAAgE,CACjG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,IAAI,0BAA0B,CAAC;IAC5F,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAwB,CAAC;IAC7E,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAwB,CAAC;IAEtF,OAAO;QACL,eAAe,EAAE,eAAgC;QACjD,aAAa,EAAE,aAAwB;QACvC,OAAO;QACP,MAAM;QACN,cAAc;QACd,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAMD;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,MAAsB;IACtD,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,yBAAyB,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,8BAAmB,EAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAE5D,MAAM,YAAY,GAAG,IAAA,yBAAkB,EAAC;QACtC,OAAO;QACP,KAAK;QACL,SAAS,EAAE,IAAA,WAAI,EAAC,MAAM,CAAC,MAAM,CAAC;KAC/B,CAAC,CAAC;IAEH,OAAO,IAAA,8BAAY,EAAC;QAClB,cAAc,EAAE,MAAM,CAAC,aAAa;QACpC,KAAK,EAAE,SAAS;QAChB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAE9E,IAAI,OAAO,GAA0B,IAAI,CAAC;AAC1C,IAAI,OAAO,GAA+B,IAAI,CAAC;AAE/C;;;GAGG;AACH,SAAgB,SAAS;IACvB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,UAAU,EAAE,CAAC;IACzB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS;IACvB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,iBAAiB,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,OAAO,GAAG,IAAI,CAAC;IACf,OAAO,GAAG,IAAI,CAAC;AACjB,CAAC"}

package/dist/utils/x402-networks.d.ts

@@ -0,0 +1,12 @@
+/**
+ * x402 network support policy for AgentPay MCP.
+ *
+ * AgentPay MCP currently signs x402 exact payments only on the configured
+ * Base network. New x402 networks must be added deliberately because each
+ * network can need different wallet deployment, gas, asset, and settlement
+ * handling.
+ */
+export declare function supportedX402NetworksForChainId(chainId: number): string[];
+export declare function describeSupportedX402Networks(chainId: number): string;
+export declare function isTvmOrTonNetwork(network: string): boolean;
+//# sourceMappingURL=x402-networks.d.ts.map

package/dist/utils/x402-networks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x402-networks.d.ts","sourceRoot":"","sources":["../../src/utils/x402-networks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,wBAAgB,+BAA+B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAGzE;AAED,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAGrE;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAG1D"}

package/dist/utils/x402-networks.js

@@ -0,0 +1,30 @@
+"use strict";
+/**
+ * x402 network support policy for AgentPay MCP.
+ *
+ * AgentPay MCP currently signs x402 exact payments only on the configured
+ * Base network. New x402 networks must be added deliberately because each
+ * network can need different wallet deployment, gas, asset, and settlement
+ * handling.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.supportedX402NetworksForChainId = supportedX402NetworksForChainId;
+exports.describeSupportedX402Networks = describeSupportedX402Networks;
+exports.isTvmOrTonNetwork = isTvmOrTonNetwork;
+const X402_NETWORK_BY_CHAIN_ID = {
+    8453: 'base:8453',
+    84532: 'base-sepolia:84532',
+};
+function supportedX402NetworksForChainId(chainId) {
+    const network = X402_NETWORK_BY_CHAIN_ID[chainId];
+    return network ? [network] : [];
+}
+function describeSupportedX402Networks(chainId) {
+    const networks = supportedX402NetworksForChainId(chainId);
+    return networks.length > 0 ? networks.join(', ') : `none for CHAIN_ID ${chainId}`;
+}
+function isTvmOrTonNetwork(network) {
+    const normalized = network.toLowerCase();
+    return normalized.startsWith('tvm:') || normalized.includes('ton');
+}
+//# sourceMappingURL=x402-networks.js.map

package/dist/utils/x402-networks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"x402-networks.js","sourceRoot":"","sources":["../../src/utils/x402-networks.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAOH,0EAGC;AAED,sEAGC;AAED,8CAGC;AAlBD,MAAM,wBAAwB,GAA2B;IACvD,IAAI,EAAE,WAAW;IACjB,KAAK,EAAE,oBAAoB;CAC5B,CAAC;AAEF,SAAgB,+BAA+B,CAAC,OAAe;IAC7D,MAAM,OAAO,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,MAAM,QAAQ,GAAG,+BAA+B,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,qBAAqB,OAAO,EAAE,CAAC;AACpF,CAAC;AAED,SAAgB,iBAAiB,CAAC,OAAe;IAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IACzC,OAAO,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC"}

package/docs/channel-agent-affiliate-controls.md

@@ -0,0 +1,142 @@
+# Channel-agent affiliate payout controls
+
+Axon added off-chain affiliate payouts, a builder dashboard, per-contact payout settings, and prepaid-balance debits on Apr 29. That is the right growth loop for WhatsApp and SMB agents, but it creates payout liability fast.
+
+AgentPay MCP should sit at the spend and settlement boundary: cap payouts, require per-contact approval, write audit rows, and optionally settle affiliate shares through x402 when a channel platform is ready for on-chain receipts.
+
+## Control model
+
+Affiliate payouts need two separate controls:
+
+1. Spend authority for the paid tool call.
+2. Payout authority for the revenue share created by that call.
+
+Do not bind both to one approval. A user approving a paid API call did not automatically approve an uncapped affiliate liability.
+
+## Required policy fields
+
+```json
+{
+  "channel": "whatsapp",
+  "agent_id": "agent_123",
+  "contact_id_hash": "sha256:...",
+  "affiliate_program_id": "axon-affiliate-2026-04",
+  "referrer_id_hash": "sha256:...",
+  "policy_version": "agentpay-affiliate-policy-2026-04-30",
+  "per_contact_approval_required": true,
+  "per_contact_daily_payout_cap_usdc": "2.00",
+  "per_contact_monthly_payout_cap_usdc": "20.00",
+  "agent_daily_payout_cap_usdc": "50.00",
+  "program_monthly_payout_cap_usdc": "500.00",
+  "max_payout_per_paid_call_usdc": "0.25",
+  "settlement_mode": "off_chain_ledger",
+  "optional_x402_settlement": true
+}
+```
+
+Hash contact and referrer identifiers in operational logs. Store raw identifiers only in the system that needs to contact or pay the user.
+
+## Per-contact approval gate
+
+A contact must be approved before affiliate payout accrual starts.
+
+Approval record:
+
+```json
+{
+  "approval_id": "approval_contact_789",
+  "contact_id_hash": "sha256:...",
+  "agent_id": "agent_123",
+  "affiliate_program_id": "axon-affiliate-2026-04",
+  "approved_by": "operator",
+  "approved_at": "2026-04-30T05:14:00Z",
+  "expires_at": "2026-05-30T05:14:00Z",
+  "policy_version": "agentpay-affiliate-policy-2026-04-30"
+}
+```
+
+Rules:
+
+- No approval record, no payout accrual.
+- Expired approval, no payout accrual.
+- Policy version mismatch, route to reapproval.
+- Contact-level cap exceeded, stop accrual for that contact and keep the paid tool policy independent.
+- Program-level cap exceeded, stop all affiliate accrual until the operator raises or resets the cap.
+
+## Audit trail
+
+Every affiliate payout decision should write a row before money moves.
+
+```json
+{
+  "event_type": "channel_affiliate_payout_decision",
+  "channel": "whatsapp",
+  "agent_id": "agent_123",
+  "contact_id_hash": "sha256:...",
+  "referrer_id_hash": "sha256:...",
+  "paid_tool_call_id": "tool_call_456",
+  "approval_id": "approval_contact_789",
+  "policy_version": "agentpay-affiliate-policy-2026-04-30",
+  "gross_call_revenue_usdc": "1.00",
+  "proposed_payout_usdc": "0.10",
+  "decision": "approved",
+  "decision_reason": "within_per_contact_and_program_caps",
+  "ledger_entry_id": "ledger_abc",
+  "x402_settlement_tx": null,
+  "created_at": "2026-04-30T05:14:00Z"
+}
+```
+
+Decision reasons should be machine-readable:
+
+- `approved`
+- `missing_contact_approval`
+- `contact_daily_cap_exceeded`
+- `contact_monthly_cap_exceeded`
+- `agent_daily_cap_exceeded`
+- `program_monthly_cap_exceeded`
+- `policy_version_mismatch`
+- `settlement_failed`
+
+## Optional x402 settlement path
+
+The optional x402 settlement path keeps off-chain affiliate ledgers from becoming a dead end.
+
+Off-chain ledgers are useful while channel platforms move quickly. They need a clean path to x402 settlement when payout volumes justify it.
+
+Settlement flow:
+
+1. Paid MCP tool call completes under the normal AgentPay MCP policy.
+2. Affiliate payout decision writes an audit row with `decision: approved`.
+3. The channel ledger records the pending payout.
+4. At payout time, AgentPay MCP creates an x402 payment request for the affiliate share.
+5. Operator policy checks caps again at settlement time.
+6. Settlement writes `x402_settlement_tx`, `network`, `asset`, and reconciled amount.
+
+Do not settle a payout if the approval record has expired between accrual and payout. Reapproval is required.
+
+## Runtime placement
+
+```text
+WhatsApp contact message
+  to channel agent intent
+  to paid MCP tool call
+  to AgentPay spend policy approval
+  to x402 paid API settlement
+  to affiliate payout decision
+  to off-chain ledger or optional x402 affiliate settlement
+  to audit readback
+```
+
+AgentPay MCP owns the two financial gates: spend approval before the paid tool call and payout approval before affiliate liability accrues.
+
+## Acceptance checklist
+
+- [ ] Affiliate payout policy defines per-contact caps.
+- [ ] Affiliate payout policy defines agent-level and program-level caps.
+- [ ] Contact approval exists before payout accrual.
+- [ ] Approval records include `policy_version`, `approved_at`, and `expires_at`.
+- [ ] Audit rows link the paid tool call, approval record, payout decision, and ledger entry.
+- [ ] Optional x402 settlement records transaction hash and network when used.
+- [ ] Logs hash contact and referrer identifiers by default.
+- [ ] Paid tool spend approval and affiliate payout approval are separate decisions.

package/docs/hitl-reference-architecture.md

@@ -0,0 +1,140 @@
+# AgentPay MCP: HITL Reference Architecture for Payment Authorization
+
+> The reference implementation for human-in-the-loop payment workflows in MCP-compatible agents.
+
+## Why HITL Matters
+
+McKinsey's 2026 AI Trust Maturity Survey found that only **14.4% of enterprises formally approve AI agents before deployment**, while **88% report at least one agent security incident**. For payment operations specifically, just **18% of enterprises are confident in their agent IAM**.
+
+The implication is clear: autonomous agent payments without human oversight are a non-starter for enterprise adoption. The question isn't whether HITL is needed — it's how to implement it without destroying the autonomy that makes agents valuable.
+
+## The Pattern: Suggest → Approve → Execute
+
+AgentPay MCP implements a three-phase payment authorization pattern:
+
+```
+Phase 1: SUGGEST
+  Agent encounters a paid API (HTTP 402)
+  AgentPay MCP evaluates spending policy
+  If amount > human_approval_threshold:
+    → Payment is BLOCKED (not executed)
+    → Human receives approval request
+
+Phase 2: APPROVE
+  Human reviews: merchant, amount, context
+  Human decides: approve or reject
+  Decision is logged with timestamp
+
+Phase 3: EXECUTE
+  If approved → payment executes on-chain
+  If rejected → agent receives rejection, adapts
+  Full audit trail recorded regardless
+```
+
+### Code Example: Human-Approval Payment Flow
+
+```python
+from smolagents import CodeAgent, InferenceClientModel
+from smolagents.x402_payment_tool import X402PaymentTool, SpendingPolicy, PaymentMode
+
+# Configure HITL: auto-approve under $1, require human approval above
+payment_tool = X402PaymentTool(
+    spending_policy=SpendingPolicy(
+        mode=PaymentMode.LIVE,
+        max_per_transaction=10.00,
+        rolling_cap=100.00,
+        require_human_approval=True,
+        human_approval_threshold=1.00,
+        merchant_allowlist=["api.example.com", "data.provider.io"],
+    )
+)
+
+agent = CodeAgent(
+    tools=[payment_tool],
+    model=InferenceClientModel(),
+)
+
+# Agent workflow:
+# 1. Agent calls api.example.com → gets HTTP 402 for $0.50
+#    → Auto-approved (under $1 threshold) → paid → data returned
+#
+# 2. Agent calls data.provider.io → gets HTTP 402 for $3.50
+#    → BLOCKED → human sees:
+#      "Agent wants to pay $3.50 to data.provider.io — approve? [y/n]"
+#    → Human approves → paid → data returned
+#    → OR human rejects → agent receives error, tries alternative
+```
+
+### MCP Server Configuration
+
+```json
+{
+  "mcpServers": {
+    "agentpay": {
+      "command": "npx",
+      "args": ["agentpay-mcp"],
+      "env": {
+        "AGENT_PRIVATE_KEY": "0x...",
+        "AGENT_WALLET_ADDRESS": "0x..."
+      }
+    }
+  }
+}
+```
+
+The HITL behavior is configured via `set_spend_policy` tool:
+
+```json
+{
+  "tool": "set_spend_policy",
+  "arguments": {
+    "perTxCapEth": "0.004",
+    "dailyLimitEth": "0.04",
+    "requireHumanApproval": true,
+    "humanApprovalThreshold": "0.0004",
+    "allowedRecipients": ["0x..."]
+  }
+}
+```
+
+## Why This Architecture Works
+
+### 1. Graduated Autonomy
+
+Not every payment needs human review. The threshold model lets agents handle routine micropayments autonomously while escalating significant transactions. This preserves agent utility without sacrificing oversight.
+
+### 2. On-Chain Enforcement
+
+The spending caps aren't in application code — they're in the AgentAccountV2 smart contract. Even if the agent, the MCP server, or the host application is compromised, the on-chain limits hold. The human-approval gate is the last line of defense, not the only one.
+
+### 3. Audit Trail for Compliance
+
+Every payment attempt (approved, rejected, or auto-approved) is logged with:
+- Merchant/recipient address
+- Amount requested
+- Policy evaluation result
+- Human decision (if applicable)
+- On-chain transaction hash (if executed)
+
+This gives compliance teams the artifact trail they need for SOC 2, financial audits, and regulatory reporting.
+
+## MCP 2026 Roadmap Alignment
+
+The MCP specification is evolving toward mandatory security controls for financial operations:
+
+- **CoSAI T9 (Financial Fraud):** AgentPay MCP's HITL pattern directly addresses this threat category
+- **OAuth 2.1 + PKCE:** Enterprise authentication for MCP server access (see [security-posture.md](security-posture.md))
+- **Standardized approval UX:** The `queue_approval` tool provides a consistent interface that MCP clients (Claude Desktop, Cursor, etc.) can render as native approval dialogs
+
+## Production Reference
+
+This HITL payment architecture is already in production:
+
+- **[NVIDIA NeMo Agent Toolkit Examples PR #17](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17)** — x402 payment tool merged into NVIDIA's official agent toolkit catalog
+- **[smolagents PR #2123](https://github.com/huggingface/smolagents/pull/2123)** — Native x402 payment tool with HITL support, addressing community request [#2112](https://github.com/huggingface/smolagents/issues/2112) for human-in-the-loop payment authorization
+
+## Related Documentation
+
+- [Security Posture](security-posture.md) — CoSAI alignment and OAuth 2.1 compliance
+- [README](../README.md) — Full AgentPay MCP documentation
+- [SECURITY.md](../SECURITY.md) — Responsible disclosure process

package/docs/security-posture.md

@@ -0,0 +1,74 @@
+# AgentPay MCP — Security Posture
+
+> Last updated: 2026-03-26
+
+This document maps AgentPay MCP's security controls to the CoSAI (Coalition for Secure AI) threat taxonomy and MCP 2026 authentication requirements. It is intended for enterprise security teams evaluating MCP servers for production deployment.
+
+## CoSAI Threat Alignment
+
+### T9 — Financial Fraud
+
+**Threat:** An AI agent is manipulated (via prompt injection, tool poisoning, or logic error) into making unauthorized payments.
+
+**Mitigations in AgentPay MCP:**
+
+| Control | Implementation | Bypass Resistance |
+|---------|---------------|-------------------|
+| Per-transaction spending cap | `set_spend_policy` enforced by AgentAccountV2 smart contract | On-chain — cannot be overridden by application code or the agent |
+| Rolling period limits | Daily/weekly caps enforced on-chain | Same — smart contract enforcement |
+| Merchant allowlist | Only pre-approved recipient addresses can receive funds | On-chain enforcement |
+| Human-approval gate | Transactions above configurable threshold queue for human review | Cannot be bypassed — `queue_approval` requires explicit human action |
+| Fail-closed policy engine | Any error in policy evaluation → transaction rejected | Default-deny; no silent pass-through |
+| Full audit trail | Every payment attempt logged: merchant, amount, timestamp, approval status, tx hash | Immutable on-chain record |
+
+### T10 — Identity Spoofing
+
+**Threat:** A malicious agent impersonates a legitimate agent to gain access to payment infrastructure or services.
+
+**Mitigations in AgentPay MCP:**
+
+| Control | Implementation |
+|---------|---------------|
+| ERC-8004 identity verification | `verify_agent_identity` tool validates on-chain agent identity NFTs |
+| Non-custodial key management | Agent private key stored locally; never transmitted to any server |
+| On-chain reputation | `get_reputation` provides verifiable transaction history and trust score |
+| Session token verification | x402 session tokens are ECDSA-signed; any verifier can independently validate |
+
+## OAuth 2.1 + PKCE Compliance
+
+MCP 2026 roadmap requires OAuth 2.1 with PKCE for server authentication in enterprise environments.
+
+**Current status:**
+
+- AgentPay MCP supports configuration via environment variables (`AGENT_PRIVATE_KEY`, `AGENT_WALLET_ADDRESS`) for direct deployment
+- For enterprise SSO: Azure AD and Okta can broker OAuth 2.1 tokens that gate access to the MCP server process
+- PKCE flow: supported when deployed behind an OAuth 2.1-compliant reverse proxy (e.g., Azure API Management, Auth0)
+- The MCP server itself authenticates agents via their on-chain identity (ERC-8004) and wallet signature, which provides cryptographic authentication independent of OAuth
+
+**Roadmap:**
+
+- Native OAuth 2.1 token validation in the MCP server transport layer (aligned with MCP spec evolution)
+- Mutual TLS option for server-to-server deployments
+
+## MCP Audit Logging
+
+Every tool invocation is logged with:
+
+- Timestamp (ISO 8601)
+- Tool name and parameters
+- Outcome (success/failure/queued)
+- Transaction hash (for on-chain operations)
+- Policy evaluation result (approved/rejected/queued with reason)
+
+Logs are available via `get_transaction_history` tool and can be exported to enterprise SIEM systems.
+
+## Dependency Security
+
+- **Zero LiteLLM dependency** — no exposure to the March 2026 PyPI supply chain compromise
+- **Minimal npm dependency tree** — `viem`, `@modelcontextprotocol/sdk`, and auditable packages only
+- **No Python runtime required** — eliminates PyPI supply chain attack surface entirely
+- **NVIDIA-validated** — security posture reviewed as part of [NVIDIA NeMo Agent Toolkit Examples PR #17](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17) merge process
+
+## Contact
+
+Security issues: see [SECURITY.md](../SECURITY.md) for responsible disclosure process.

package/docs/trust-architecture.md

@@ -0,0 +1,127 @@
+# AgentPay MCP Trust Architecture
+
+**Simulation Mode · Spend Caps · Human-in-the-Loop · Transaction Explainability**
+
+---
+
+## The Problem: Agent Autonomy Without Trust Infrastructure
+
+Autonomous agents that handle money need more than API keys and wallet addresses. They need a trust architecture — a layered system of controls that lets operators grant autonomy incrementally, verify behavior continuously, and intervene instantly when something goes wrong.
+
+Enterprise solutions like Visa's Visa Intelligent Commerce (VIC) platform address this for traditional payment flows: pre-authorization, fraud scoring, velocity checks, chargeback handling. But VIC is built for card networks and merchant acquirers. It doesn't speak MCP. It doesn't run locally. It doesn't give developers control over the trust model.
+
+AgentPay MCP provides the same trust primitives — simulation, spend controls, human approval, and explainability — in an open-source, developer-native package that runs wherever your agent runs.
+
+---
+
+## Trust Layers
+
+### Layer 1: Simulation Mode
+
+Before any real funds move, agents can dry-run a transaction to preview:
+
+- **Recipient address** and whether it's on the allowlist
+- **Estimated cost** in the payment token (USDC, ETH)
+- **Gas estimate** for the target chain
+- **Policy evaluation result** — would this transaction be auto-approved, queued, or rejected?
+
+Simulation mode gives operators confidence before enabling auto-approve. It's also the right tool for testing new integrations: point your agent at a paid API, see what it would cost, and decide whether to add it to the allowlist — all without spending a cent.
+
+**Comparison:** Visa VIC performs pre-authorization checks server-side through the card network. AgentPay performs simulation locally, with results visible to the agent and operator before any network call.
+
+### Layer 2: Per-Call Spend Caps
+
+Every transaction is evaluated against on-chain spending policy before execution:
+
+- **Per-transaction maximum** — no single call can exceed this amount, regardless of what the agent requests
+- **Enforced by smart contract** — the AgentAccountV2 contract rejects over-cap transactions at the EVM level. Application-layer bugs or agent prompt injection cannot bypass this.
+
+This is the most critical trust boundary. Even if an agent is compromised, jailbroken, or simply wrong about what it's buying, the per-call cap limits blast radius to a known, acceptable amount.
+
+**Comparison:** Visa VIC enforces transaction limits through issuer-configured velocity rules in the card network. AgentPay enforces them on-chain — no intermediary required, publicly auditable, and immutable once set.
+
+### Layer 3: Daily Aggregate Caps
+
+Per-call caps prevent single large losses. Daily caps prevent death by a thousand cuts:
+
+- **Rolling daily limit** — total spend across all transactions resets on a configurable period
+- **On-chain enforcement** — same smart contract, same immutability guarantees
+- **Budget visibility** — agents can call `check_budget` to see remaining allowance before starting expensive workflows
+
+An agent running a 50-item enrichment loop at $0.10 each hits $5.00 total. If the daily cap is $10, the agent knows it has $5 left. If the loop was supposed to be 500 items due to a bug, the cap stops it at 100.
+
+**Comparison:** VIC uses velocity checks (transaction count and amount per time window) configured at the issuer level. AgentPay's daily caps serve the same function, configured by the wallet owner.
+
+### Layer 4: Human-in-the-Loop Approval
+
+Not every transaction should be automatic. AgentPay's HITL system queues transactions that exceed the auto-approve threshold:
+
+- **Threshold-based routing** — under threshold: auto-approved and executed. Over threshold: queued for human review.
+- **Queue inspection** — operators see pending transactions with full context (merchant, amount, tool that triggered it, agent reasoning)
+- **Approve or reject** — explicit human decision. Rejection returns a structured error to the agent, which can adapt (use cached data, try a cheaper source, ask the user).
+- **Fail-closed** — if the approval system errors, the default is rejection. Never approval.
+
+HITL is the default mode. Operators opt *into* automation by raising thresholds, not opt *out* of oversight by lowering them. Trust is earned incrementally.
+
+**Comparison:** Visa VIC routes high-risk transactions to manual review queues via issuer fraud teams. AgentPay routes them to the operator directly — no intermediary, no SLA dependency on a third-party fraud team.
+
+### Layer 5: Transaction Explainability
+
+Every transaction — approved, rejected, queued, or simulated — produces a structured audit record:
+
+- **Timestamp** (block time + local time)
+- **Merchant/recipient** address and resolved name (if available)
+- **Amount** in payment token and USD equivalent
+- **Policy evaluation** — which rule triggered (auto-approve, cap exceeded, allowlist miss)
+- **Approval path** — auto-approved, human-approved, or rejected (with reason)
+- **On-chain transaction hash** — independently verifiable on any block explorer
+
+This isn't just logging. It's the artifact that security teams, compliance officers, and auditors need to answer: "What did this agent spend money on, why, and who approved it?"
+
+**Comparison:** Visa VIC generates transaction records through the card network's settlement process. AgentPay generates them on-chain — immutable, publicly verifiable, and available in real-time (not T+1 or T+2 settlement).
+
+---
+
+## Trust Model Comparison
+
+| Trust Primitive | Visa VIC (Enterprise) | AgentPay MCP (Open Source) |
+|---|---|---|
+| Pre-transaction simulation | Pre-authorization via card network | Local simulation mode, no network call |
+| Per-transaction limits | Issuer-configured velocity rules | On-chain smart contract enforcement |
+| Aggregate spend caps | Velocity checks per time window | On-chain daily caps, agent-queryable |
+| Human review routing | Issuer fraud team queues | Direct operator HITL, fail-closed |
+| Transaction audit trail | Card network settlement records (T+1/T+2) | On-chain, real-time, publicly verifiable |
+| Integration model | Enterprise API + card network onboarding | `npm install` + MCP config |
+| Source availability | Proprietary | MIT open source |
+| Protocol native | Card networks (ISO 8583) | MCP + x402 (HTTP 402) |
+| Agent-native controls | No (designed for human cardholders) | Yes (agents query budget, adapt to rejections) |
+
+---
+
+## Deployment Progression
+
+Trust should be granted incrementally. Here's the recommended progression:
+
+1. **Simulation only** — Agent runs, simulates all payments, logs what it would spend. Zero risk.
+2. **HITL with low threshold** — Auto-approve micro-payments ($0.10), queue everything else. Operator reviews daily.
+3. **HITL with raised threshold** — After reviewing transaction patterns, raise auto-approve to $1-$5. Queue large transactions.
+4. **Full auto with daily cap** — High-confidence workflows get full auto-approve with a daily ceiling. Operator reviews weekly.
+5. **Multi-agent with per-agent caps** — Each agent gets its own wallet with independent caps. Blast radius is isolated per agent.
+
+At no point does the operator lose the ability to intervene. Every stage is reversible by lowering thresholds or enabling simulation mode.
+
+---
+
+## For Enterprise Security Teams
+
+If you're evaluating agent payment infrastructure:
+
+- **Smart contract source** is verified and auditable on-chain
+- **Dependency tree** is minimal — zero LiteLLM, zero Python runtime, auditable with `npm ls`
+- **NVIDIA validation** — integrated into [NVIDIA NeMo Agent Toolkit Examples](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17) (PR #17, merged)
+- **CoSAI alignment** — addresses T9 (Financial Fraud) and T10 (Identity Spoofing) threat categories
+- **Security posture doc** — see [`security-posture.md`](security-posture.md) for the full compliance matrix
+
+---
+
+*AgentPay MCP is MIT licensed. Built by [AI Agent Economy](https://ai-agent-economy.com).*