bsv-x402 0.3.0 → 0.5.0

package/dist/index.cjs

@@ -53,12 +53,15 @@ function parseBrc105Challenge(response) {
   if (!Number.isFinite(satoshisRequired) || !Number.isInteger(satoshisRequired) || satoshisRequired <= 0) {
     throw new Error("BRC-105: satoshis-required must be a positive integer");
   }
-  const serverIdentityKey = response.headers.get("x-bsv-auth-identity-key");
+  const authIdentityKey = response.headers.get("x-bsv-auth-identity-key") || null;
+  const paymentIdentityKey = response.headers.get("x-bsv-payment-identity-key") || null;
+  const authenticated = authIdentityKey !== null && authIdentityKey.length > 0;
+  const serverIdentityKey = authIdentityKey || paymentIdentityKey;
   if (serverIdentityKey === null || serverIdentityKey.length === 0) {
-    throw new Error("BRC-105: missing or empty x-bsv-auth-identity-key header");
+    throw new Error("BRC-105: missing identity key (expected x-bsv-auth-identity-key or x-bsv-payment-identity-key)");
   }
   if (!/^0[23][0-9a-fA-F]{64}$/.test(serverIdentityKey)) {
-    throw new Error("BRC-105: x-bsv-auth-identity-key must be a 33-byte compressed public key (hex)");
+    throw new Error("BRC-105: identity key must be a 33-byte compressed public key (hex)");
   }
   const derivationPrefix = response.headers.get("x-bsv-payment-derivation-prefix");
   if (derivationPrefix === null || derivationPrefix.length === 0) {
@@ -68,7 +71,8 @@ function parseBrc105Challenge(response) {
     version,
     satoshisRequired,
     serverIdentityKey,
-    derivationPrefix
+    derivationPrefix,
+    authenticated
   };
 }
 
@@ -516,7 +520,8 @@ async function createDerivationSuffix(wallet) {
   const nonceBytes = [...firstHalf, ...hmac];
   return numberArrayToBase64(nonceBytes);
 }
-async function constructBrc105Proof(challenge, wallet) {
+async function constructBrc105Proof(challenge, wallet, origin) {
+  const { publicKey: clientIdentityKey } = await wallet.getPublicKey({ identityKey: true });
   const derivationSuffix = await createDerivationSuffix(wallet);
   const keyID = `${challenge.derivationPrefix} ${derivationSuffix}`;
   const { publicKey: derivedPublicKey } = await wallet.getPublicKey({
@@ -525,12 +530,13 @@ async function constructBrc105Proof(challenge, wallet) {
     counterparty: challenge.serverIdentityKey
   });
   const lockingScript = await pubkeyToP2PKHLockingScript(derivedPublicKey);
+  const description = origin ? `Payment for request to ${origin}` : "BRC-105 payment";
   const result = await wallet.createAction({
-    description: "BRC-105 payment",
+    description,
     outputs: [{
       satoshis: challenge.satoshisRequired,
       lockingScript,
-      description: "BRC-105 payment output",
+      outputDescription: "HTTP request payment",
       customInstructions: JSON.stringify({
         derivationPrefix: challenge.derivationPrefix,
         derivationSuffix,
@@ -553,6 +559,7 @@ async function constructBrc105Proof(challenge, wallet) {
     derivationPrefix: challenge.derivationPrefix,
     derivationSuffix,
     transaction: transactionBase64,
+    clientIdentityKey,
     txid: result.txid
   };
 }
@@ -589,6 +596,171 @@ function parseChallenge(header) {
   };
 }
 
+// src/x402-fetch.ts
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function base58DecodeCheck(address) {
+  let leadingZeros = 0;
+  for (const c of address) {
+    if (c === "1") leadingZeros++;
+    else break;
+  }
+  let n = BigInt(0);
+  for (const c of address) {
+    const i = BASE58_ALPHABET.indexOf(c);
+    if (i < 0) throw new Error(`Invalid Base58 character: ${c}`);
+    n = n * 58n + BigInt(i);
+  }
+  const hexFromBigint = n === 0n ? "" : n.toString(16);
+  const paddedHex = hexFromBigint.length % 2 ? "0" + hexFromBigint : hexFromBigint;
+  const bigintBytes = [];
+  for (let i = 0; i < paddedHex.length; i += 2) {
+    bigintBytes.push(parseInt(paddedHex.slice(i, i + 2), 16));
+  }
+  const allBytes = new Uint8Array(leadingZeros + bigintBytes.length);
+  allBytes.set(bigintBytes, leadingZeros);
+  if (allBytes.length !== 25) {
+    throw new Error(`Invalid address length: expected 25 bytes, got ${allBytes.length}`);
+  }
+  const body = allBytes.slice(0, 21);
+  const checksum = allBytes.slice(21);
+  const version = allBytes[0];
+  if (version !== 0 && version !== 111) {
+    throw new Error(`Unsupported address version: 0x${version.toString(16).padStart(2, "0")}`);
+  }
+  return { version, payload: body.slice(1) };
+}
+function payeeAddressToLockingScript(address) {
+  const { payload } = base58DecodeCheck(address);
+  if (payload.length !== 20) {
+    throw new Error(`Invalid pubkey hash length: expected 20 bytes, got ${payload.length}`);
+  }
+  const pubkeyHash = Array.from(payload).map((b) => b.toString(16).padStart(2, "0")).join("");
+  return `76a914${pubkeyHash}88ac`;
+}
+async function defaultConstructProof(challenge) {
+  const cwi = globalThis.CWI;
+  if (!cwi || typeof cwi.createAction !== "function") {
+    throw new Error(
+      "No BRC-100 wallet detected. Install a CWI-compliant browser extension or provide a custom proofConstructor in X402Config."
+    );
+  }
+  const result = await cwi.createAction({
+    description: `x402 payment: ${challenge.amount} sats to ${challenge.payee}`,
+    outputs: [{
+      satoshis: challenge.amount,
+      lockingScript: payeeAddressToLockingScript(challenge.payee),
+      description: `Payment to ${challenge.payee}`
+    }],
+    labels: ["x402-payment"],
+    options: {
+      returnTXIDOnly: false,
+      noSend: false
+    }
+  });
+  if (!result || !result.txid) {
+    throw new Error("Wallet declined payment or returned invalid result");
+  }
+  if (!result.rawTx || typeof result.rawTx !== "string" || result.rawTx.length === 0) {
+    throw new Error("Wallet did not return raw transaction");
+  }
+  return {
+    txid: result.txid,
+    rawTx: result.rawTx
+  };
+}
+function createX402Fetch(config = {}) {
+  const constructProof = config.proofConstructor ?? defaultConstructProof;
+  const brc105ProofConstructor = config.brc105ProofConstructor;
+  const brc105Wallet = config.brc105Wallet;
+  return async function x402Fetch2(input, init) {
+    const response = await fetch(input, init);
+    if (response.status !== 402) return response;
+    const origin = extractOrigin(input);
+    const challengeHeader = response.headers.get("X402-Challenge");
+    if (challengeHeader) {
+      let challenge;
+      try {
+        challenge = parseChallenge(challengeHeader);
+      } catch {
+        return response;
+      }
+      let proof;
+      try {
+        proof = await constructProof(challenge);
+      } catch (err) {
+        console.error("[x402] Proof construction failed (x402):", err);
+        config.onProofError?.(err, "x402");
+        return response;
+      }
+      const headers = new Headers(init?.headers);
+      headers.set("X402-Proof", JSON.stringify(proof));
+      return fetch(input, { ...init, headers });
+    }
+    const brc105Version = response.headers.get("x-bsv-payment-version");
+    if (brc105Version) {
+      if (!brc105ProofConstructor && !brc105Wallet) return response;
+      let brc105Challenge;
+      try {
+        brc105Challenge = parseBrc105Challenge(response);
+      } catch {
+        return response;
+      }
+      let proof;
+      try {
+        if (brc105ProofConstructor) {
+          proof = await brc105ProofConstructor(brc105Challenge);
+        } else {
+          proof = await constructBrc105Proof(brc105Challenge, brc105Wallet, origin);
+        }
+      } catch (err) {
+        console.error("[x402] Proof construction failed (brc105):", err);
+        config.onProofError?.(err, "brc105");
+        return response;
+      }
+      const headers = new Headers(init?.headers);
+      headers.set("x-bsv-payment", JSON.stringify(proof));
+      headers.set("x-bsv-auth-identity-key", proof.clientIdentityKey);
+      return fetch(input, { ...init, headers });
+    }
+    return response;
+  };
+}
+var singleton;
+async function x402Fetch(input, init) {
+  if (!singleton) singleton = createX402Fetch();
+  return singleton(input, init);
+}
+function resolveRelativeUrl(url) {
+  const loc = globalThis.location;
+  if (loc?.href) {
+    return new URL(url, loc.href).origin;
+  }
+  return "unknown";
+}
+function extractOrigin(input) {
+  if (input instanceof URL) return input.origin;
+  if (typeof input === "string") {
+    try {
+      return new URL(input).origin;
+    } catch {
+      try {
+        return resolveRelativeUrl(input);
+      } catch {
+        return "unknown";
+      }
+    }
+  }
+  try {
+    return new URL(input.url).origin;
+  } catch {
+    try {
+      return resolveRelativeUrl(input.url);
+    } catch {
+      return "unknown";
+    }
+  }
+}
+
 // src/limits.ts
 var BFG_DAILY_CEILING_SATOSHIS = 1e10;
 var BFG_PER_TX_CEILING_SATOSHIS = 1e9;
@@ -890,41 +1062,6 @@ var RateLimiter = class {
   }
 };
 
-// src/site-policy.ts
-var defaultSitePrompt = async (origin) => {
-  if (typeof globalThis.confirm !== "function") return "global";
-  const allow = globalThis.confirm(
-    `First payment to ${origin}.
-
-Use your global spending limits for this site?
-
-OK = Use global limits
-Cancel = Block this site`
-  );
-  return allow ? "global" : "block";
-};
-async function resolveSitePolicy(origin, limits, twoFactorProvider, promptFn = defaultSitePrompt) {
-  const existing = limits.sitePolicies[origin];
-  if (existing) return existing;
-  if (!limits.requirePerSitePrompt) {
-    return { origin, action: "global" };
-  }
-  if (limits.require2fa.onNewSiteApproval) {
-    if (!twoFactorProvider) {
-      return { origin, action: "block" };
-    }
-    const verified = await twoFactorProvider.verify({
-      type: "new-site-approval",
-      origin
-    });
-    if (!verified) {
-      return { origin, action: "block" };
-    }
-  }
-  const action = await promptFn(origin);
-  return { origin, action };
-}
-
 // src/storage.ts
 var STATE_KEY = "x402:limit-state";
 var POLICIES_KEY = "x402:site-policies";
@@ -999,304 +1136,6 @@ var LocalStorageAdapter = class {
   }
 };
 
-// src/x402-fetch.ts
-var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
-function base58DecodeCheck(address) {
-  let leadingZeros = 0;
-  for (const c of address) {
-    if (c === "1") leadingZeros++;
-    else break;
-  }
-  let n = BigInt(0);
-  for (const c of address) {
-    const i = BASE58_ALPHABET.indexOf(c);
-    if (i < 0) throw new Error(`Invalid Base58 character: ${c}`);
-    n = n * 58n + BigInt(i);
-  }
-  const hexFromBigint = n === 0n ? "" : n.toString(16);
-  const paddedHex = hexFromBigint.length % 2 ? "0" + hexFromBigint : hexFromBigint;
-  const bigintBytes = [];
-  for (let i = 0; i < paddedHex.length; i += 2) {
-    bigintBytes.push(parseInt(paddedHex.slice(i, i + 2), 16));
-  }
-  const allBytes = new Uint8Array(leadingZeros + bigintBytes.length);
-  allBytes.set(bigintBytes, leadingZeros);
-  if (allBytes.length !== 25) {
-    throw new Error(`Invalid address length: expected 25 bytes, got ${allBytes.length}`);
-  }
-  const body = allBytes.slice(0, 21);
-  const checksum = allBytes.slice(21);
-  const version = allBytes[0];
-  if (version !== 0 && version !== 111) {
-    throw new Error(`Unsupported address version: 0x${version.toString(16).padStart(2, "0")}`);
-  }
-  return { version, payload: body.slice(1) };
-}
-function payeeAddressToLockingScript(address) {
-  const { payload } = base58DecodeCheck(address);
-  if (payload.length !== 20) {
-    throw new Error(`Invalid pubkey hash length: expected 20 bytes, got ${payload.length}`);
-  }
-  const pubkeyHash = Array.from(payload).map((b) => b.toString(16).padStart(2, "0")).join("");
-  return `76a914${pubkeyHash}88ac`;
-}
-async function defaultConstructProof(challenge) {
-  const cwi = globalThis.CWI;
-  if (!cwi || typeof cwi.createAction !== "function") {
-    throw new Error(
-      "No BRC-100 wallet detected. Install a CWI-compliant browser extension or provide a custom proofConstructor in X402Config."
-    );
-  }
-  const result = await cwi.createAction({
-    description: `x402 payment: ${challenge.amount} sats to ${challenge.payee}`,
-    outputs: [{
-      satoshis: challenge.amount,
-      lockingScript: payeeAddressToLockingScript(challenge.payee),
-      description: `Payment to ${challenge.payee}`
-    }],
-    labels: ["x402-payment"],
-    options: {
-      returnTXIDOnly: false,
-      noSend: false
-    }
-  });
-  if (!result || !result.txid) {
-    throw new Error("Wallet declined payment or returned invalid result");
-  }
-  if (!result.rawTx || typeof result.rawTx !== "string" || result.rawTx.length === 0) {
-    throw new Error("Wallet did not return raw transaction");
-  }
-  return {
-    txid: result.txid,
-    rawTx: result.rawTx
-  };
-}
-function createMutex() {
-  let chain = Promise.resolve();
-  return (fn) => {
-    const result = chain.then(fn, fn);
-    chain = result.then(() => {
-    }, () => {
-    });
-    return result;
-  };
-}
-function createX402Fetch(config = {}) {
-  const tier = config.tier ?? "Hey, Not Too Rough";
-  const mode = config.mode ?? "interactive";
-  if (tier === "Nightmare!" && config.nightmareConfirmation !== "NIGHTMARE") {
-    throw new Error('Nightmare! tier requires nightmareConfirmation: "NIGHTMARE"');
-  }
-  const limits = resolveSpendLimits(tier, mode, config.limits);
-  const storage = config.storage ?? new LocalStorageAdapter();
-  const twoFactor = config.twoFactorProvider;
-  const constructProof = config.proofConstructor ?? defaultConstructProof;
-  const brc105ProofConstructor = config.brc105ProofConstructor;
-  const brc105Wallet = config.brc105Wallet;
-  const nowFn = config.now ?? Date.now;
-  const mutex = createMutex();
-  const needs2fa = limits.require2fa;
-  if (!twoFactor && (needs2fa.onCircuitBreakerReset || needs2fa.onHighValueTx || needs2fa.onNewSiteApproval || needs2fa.onTierChange)) {
-    console.warn("x402: tier requires 2FA but no twoFactorProvider configured \u2014 2FA-gated actions will be blocked");
-  }
-  let limiter;
-  let initialised = false;
-  async function ensureInitialised() {
-    if (limiter && initialised) return limiter;
-    const state = await storage.load();
-    limiter = new RateLimiter(limits, state ?? void 0, nowFn);
-    const policies = await storage.loadSitePolicies();
-    Object.assign(limits.sitePolicies, policies);
-    initialised = true;
-    return limiter;
-  }
-  async function persist(rl) {
-    await storage.save(rl.getState());
-    await storage.saveSitePolicies(limits.sitePolicies);
-  }
-  async function handlePaymentFlow(originalResponse, input, init, origin, amount, protocol, buildProof, retryWithProof, makeLedgerEntry) {
-    return mutex(async () => {
-      const rl = await ensureInitialised();
-      const sitePolicy = await resolveSitePolicy(origin, limits, twoFactor);
-      if (sitePolicy.action === "block") return originalResponse;
-      if (!limits.sitePolicies[origin]) {
-        limits.sitePolicies[origin] = sitePolicy;
-        await storage.saveSitePolicies(limits.sitePolicies);
-      }
-      const spendCheckable = { amount, origin, protocol };
-      const result = rl.check(spendCheckable, origin);
-      if (result.action === "block") {
-        if (result.severity === "trip") {
-          rl.trip();
-          await persist(rl);
-          config.onLimitReached?.(result.reason);
-          return originalResponse;
-        }
-        if (result.severity === "window" && twoFactor) {
-          config.onLimitReached?.(result.reason);
-          const override = await twoFactor.verify({
-            type: "limit-override",
-            amount,
-            origin,
-            reason: result.reason
-          });
-          if (override) {
-          } else {
-            return originalResponse;
-          }
-        } else {
-          config.onLimitReached?.(result.reason);
-          return originalResponse;
-        }
-      }
-      if (result.action === "yellow-light") {
-        const proceed = config.onYellowLight ? await config.onYellowLight(result.detail) : false;
-        if (!proceed) return originalResponse;
-      }
-      if (limits.require2fa.onHighValueTx && amount > limits.require2fa.highValueThreshold) {
-        if (!twoFactor) return originalResponse;
-        const verified = await twoFactor.verify({
-          type: "high-value-tx",
-          amount,
-          origin
-        });
-        if (!verified) return originalResponse;
-      }
-      let proof;
-      try {
-        proof = await buildProof();
-      } catch {
-        return originalResponse;
-      }
-      rl.record(makeLedgerEntry(proof));
-      await persist(rl);
-      return retryWithProof(proof);
-    });
-  }
-  const fetchFn = async function x402Fetch2(input, init) {
-    const response = await fetch(input, init);
-    if (response.status !== 402) return response;
-    const origin = extractOrigin(input);
-    const challengeHeader = response.headers.get("X402-Challenge");
-    if (challengeHeader) {
-      let challenge;
-      try {
-        challenge = parseChallenge(challengeHeader);
-      } catch {
-        return response;
-      }
-      return handlePaymentFlow(
-        response,
-        input,
-        init,
-        origin,
-        challenge.amount,
-        "x402",
-        async () => constructProof(challenge),
-        (proof) => {
-          const headers = new Headers(init?.headers);
-          headers.set("X402-Proof", JSON.stringify(proof));
-          return fetch(input, { ...init, headers });
-        },
-        (proof) => ({
-          timestamp: nowFn(),
-          origin,
-          satoshis: challenge.amount,
-          txid: proof.txid
-        })
-      );
-    }
-    const brc105Version = response.headers.get("x-bsv-payment-version");
-    if (brc105Version) {
-      if (!brc105ProofConstructor && !brc105Wallet) return response;
-      let brc105Challenge;
-      try {
-        brc105Challenge = parseBrc105Challenge(response);
-      } catch {
-        return response;
-      }
-      return handlePaymentFlow(
-        response,
-        input,
-        init,
-        origin,
-        brc105Challenge.satoshisRequired,
-        "brc105",
-        async () => {
-          if (brc105ProofConstructor) {
-            return brc105ProofConstructor(brc105Challenge);
-          }
-          return constructBrc105Proof(brc105Challenge, brc105Wallet);
-        },
-        (proof) => {
-          const headers = new Headers(init?.headers);
-          headers.set("x-bsv-payment", JSON.stringify(proof));
-          return fetch(input, { ...init, headers });
-        },
-        (proof) => ({
-          timestamp: nowFn(),
-          origin,
-          satoshis: brc105Challenge.satoshisRequired,
-          txid: proof.txid,
-          protocol: "brc105"
-        })
-      );
-    }
-    return response;
-  };
-  fetchFn.resetLimits = async () => {
-    const rl = await ensureInitialised();
-    if (limits.require2fa.onCircuitBreakerReset) {
-      if (!twoFactor) throw new Error("2FA required for circuit breaker reset but no twoFactorProvider configured");
-      const verified = await twoFactor.verify({ type: "circuit-breaker-reset" });
-      if (!verified) throw new Error("2FA verification failed for circuit breaker reset");
-    }
-    rl.reset();
-    await persist(rl);
-  };
-  fetchFn.getState = () => {
-    if (!limiter) return { entries: [], circuitBroken: false };
-    const state = limiter.getState();
-    return { entries: state.entries, circuitBroken: state.circuitBroken };
-  };
-  return fetchFn;
-}
-var singleton;
-async function x402Fetch(input, init) {
-  if (!singleton) singleton = createX402Fetch();
-  return singleton(input, init);
-}
-function resolveRelativeUrl(url) {
-  const loc = globalThis.location;
-  if (loc?.href) {
-    return new URL(url, loc.href).origin;
-  }
-  return "unknown";
-}
-function extractOrigin(input) {
-  if (input instanceof URL) return input.origin;
-  if (typeof input === "string") {
-    try {
-      return new URL(input).origin;
-    } catch {
-      try {
-        return resolveRelativeUrl(input);
-      } catch {
-        return "unknown";
-      }
-    }
-  }
-  try {
-    return new URL(input.url).origin;
-  } catch {
-    try {
-      return resolveRelativeUrl(input.url);
-    } catch {
-      return "unknown";
-    }
-  }
-}
-
 // src/two-factor.ts
 var WalletTwoFactorProvider = class {
   async verify(action) {
@@ -1339,6 +1178,41 @@ function describeAction(action) {
 Allow this payment of ${action.amount} sats to ${action.origin}?`;
   }
 }
+
+// src/site-policy.ts
+var defaultSitePrompt = async (origin) => {
+  if (typeof globalThis.confirm !== "function") return "global";
+  const allow = globalThis.confirm(
+    `First payment to ${origin}.
+
+Use your global spending limits for this site?
+
+OK = Use global limits
+Cancel = Block this site`
+  );
+  return allow ? "global" : "block";
+};
+async function resolveSitePolicy(origin, limits, twoFactorProvider, promptFn = defaultSitePrompt) {
+  const existing = limits.sitePolicies[origin];
+  if (existing) return existing;
+  if (!limits.requirePerSitePrompt) {
+    return { origin, action: "global" };
+  }
+  if (limits.require2fa.onNewSiteApproval) {
+    if (!twoFactorProvider) {
+      return { origin, action: "block" };
+    }
+    const verified = await twoFactorProvider.verify({
+      type: "new-site-approval",
+      origin
+    });
+    if (!verified) {
+      return { origin, action: "block" };
+    }
+  }
+  const action = await promptFn(origin);
+  return { origin, action };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BFG_DAILY_CEILING_SATOSHIS,