bsv-x402 0.5.0 → 0.6.0

package/dist/index.cjs

@@ -20,18 +20,18 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  BFG_DAILY_CEILING_SATOSHIS: () => BFG_DAILY_CEILING_SATOSHIS,
-  BFG_PER_TX_CEILING_SATOSHIS: () => BFG_PER_TX_CEILING_SATOSHIS,
-  LocalStorageAdapter: () => LocalStorageAdapter,
-  RateLimiter: () => RateLimiter,
-  TIER_PRESETS: () => TIER_PRESETS,
-  WalletTwoFactorProvider: () => WalletTwoFactorProvider,
+  PICKUP_PERCENTAGES: () => PICKUP_PERCENTAGES,
+  TIER_CAPS: () => TIER_CAPS,
+  WEAPON_CAPS: () => WEAPON_CAPS,
+  applyPickup: () => applyPickup,
+  checkPayment: () => checkPayment,
+  clampBalanceToTier: () => clampBalanceToTier,
   constructBrc105Proof: () => constructBrc105Proof,
   createX402Fetch: () => createX402Fetch,
+  initialState: () => initialState,
   parseBrc105Challenge: () => parseBrc105Challenge,
   parseChallenge: () => parseChallenge,
-  resolveSitePolicy: () => resolveSitePolicy,
-  resolveSpendLimits: () => resolveSpendLimits,
+  recordPayment: () => recordPayment,
   x402Fetch: () => x402Fetch
 });
 module.exports = __toCommonJS(index_exports);
@@ -761,471 +761,80 @@ function extractOrigin(input) {
   }
 }
 
-// src/limits.ts
-var BFG_DAILY_CEILING_SATOSHIS = 1e10;
-var BFG_PER_TX_CEILING_SATOSHIS = 1e9;
-var WINDOW_MS = {
-  minute: 6e4,
-  hour: 36e5,
-  day: 864e5,
-  week: 6048e5
+// src/autospend.ts
+var TIER_CAPS = {
+  "I'm Too Young to Die": 1e6,
+  // 0.01 BSV
+  "Hey, Not Too Rough": 1e7,
+  // 0.1 BSV
+  "Hurt Me Plenty": 1e8,
+  // 1 BSV
+  "Ultra-Violence": 1e9,
+  // 10 BSV
+  "Nightmare!": 1e11
+  // 100 BSV
 };
-function windowToMs(window2) {
-  return WINDOW_MS[window2];
-}
-function makeLimits(windows, perTxMaxSatoshis, opts = {}) {
-  return {
-    windows,
-    perTxMaxSatoshis,
-    yellowLightThreshold: 0.8,
-    requirePerSitePrompt: false,
-    sitePolicies: {},
-    require2fa: {
-      onCircuitBreakerReset: true,
-      onTierChange: true,
-      onHighValueTx: false,
-      highValueThreshold: 0,
-      onNewSiteApproval: false
-    },
-    ...opts
-  };
-}
-var TOO_YOUNG_TO_DIE = {
-  interactive: makeLimits(
-    [{ window: "day", maxSatoshis: 1e8, maxTransactions: Infinity }],
-    1e8
-  ),
-  programmatic: makeLimits(
-    [{ window: "day", maxSatoshis: 1e8, maxTransactions: Infinity }],
-    1e6
-  )
-};
-var HEY_NOT_TOO_ROUGH = {
-  interactive: makeLimits(
-    [
-      { window: "day", maxSatoshis: 1e8, maxTransactions: 100 },
-      { window: "week", maxSatoshis: 5e8, maxTransactions: 500 }
-    ],
-    1e7,
-    {
-      requirePerSitePrompt: true,
-      require2fa: {
-        onCircuitBreakerReset: true,
-        onTierChange: true,
-        onHighValueTx: true,
-        highValueThreshold: 5e7,
-        onNewSiteApproval: true
-      }
-    }
-  ),
-  programmatic: makeLimits(
-    [
-      { window: "day", maxSatoshis: 1e8, maxTransactions: 1e4 },
-      { window: "week", maxSatoshis: 5e8, maxTransactions: 5e4 }
-    ],
-    1e5,
-    {
-      requirePerSitePrompt: true,
-      require2fa: {
-        onCircuitBreakerReset: true,
-        onTierChange: true,
-        onHighValueTx: true,
-        highValueThreshold: 5e7,
-        onNewSiteApproval: true
-      }
-    }
-  )
-};
-var HURT_ME_PLENTY = {
-  interactive: makeLimits(
-    [
-      { window: "minute", maxSatoshis: 5e6, maxTransactions: 10 },
-      { window: "hour", maxSatoshis: 5e7, maxTransactions: 60 },
-      { window: "day", maxSatoshis: 2e8, maxTransactions: 200 },
-      { window: "week", maxSatoshis: 1e9, maxTransactions: 1e3 }
-    ],
-    2e7,
-    {
-      requirePerSitePrompt: true,
-      require2fa: {
-        onCircuitBreakerReset: true,
-        onTierChange: true,
-        onHighValueTx: true,
-        highValueThreshold: 1e8,
-        onNewSiteApproval: true
-      }
-    }
-  ),
-  programmatic: makeLimits(
-    [
-      { window: "minute", maxSatoshis: 5e6, maxTransactions: 1e3 },
-      { window: "hour", maxSatoshis: 5e7, maxTransactions: 6e3 },
-      { window: "day", maxSatoshis: 2e8, maxTransactions: 2e4 },
-      { window: "week", maxSatoshis: 1e9, maxTransactions: 1e5 }
-    ],
-    2e5,
-    {
-      requirePerSitePrompt: true,
-      require2fa: {
-        onCircuitBreakerReset: true,
-        onTierChange: true,
-        onHighValueTx: true,
-        highValueThreshold: 1e8,
-        onNewSiteApproval: true
-      }
-    }
-  )
-};
-var ULTRA_VIOLENCE = {
-  interactive: makeLimits(
-    [...HURT_ME_PLENTY.interactive.windows],
-    HURT_ME_PLENTY.interactive.perTxMaxSatoshis,
-    {
-      requirePerSitePrompt: true,
-      require2fa: {
-        onCircuitBreakerReset: true,
-        onTierChange: true,
-        onHighValueTx: false,
-        highValueThreshold: 0,
-        onNewSiteApproval: true
-      }
-    }
-  ),
-  programmatic: makeLimits(
-    [...HURT_ME_PLENTY.programmatic.windows],
-    HURT_ME_PLENTY.programmatic.perTxMaxSatoshis,
-    {
-      requirePerSitePrompt: true,
-      require2fa: {
-        onCircuitBreakerReset: true,
-        onTierChange: true,
-        onHighValueTx: false,
-        highValueThreshold: 0,
-        onNewSiteApproval: true
-      }
-    }
-  )
-};
-var NIGHTMARE = {
-  interactive: makeLimits([], BFG_PER_TX_CEILING_SATOSHIS),
-  programmatic: makeLimits([], BFG_PER_TX_CEILING_SATOSHIS)
+var WEAPON_CAPS = {
+  "Fists": 1e5,
+  "Chainsaw": 25e4,
+  "Pistol": 5e5,
+  "Shotgun": 1e6,
+  "Super Shotgun": 1e7,
+  "Chaingun": 5e7,
+  "Rocket Launcher": 25e7,
+  "Plasma Rifle": 1e9,
+  "BFG9000": Infinity
 };
-var TIER_PRESETS = {
-  "I'm Too Young to Die": TOO_YOUNG_TO_DIE,
-  "Hey, Not Too Rough": HEY_NOT_TOO_ROUGH,
-  "Hurt Me Plenty": HURT_ME_PLENTY,
-  "Ultra-Violence": ULTRA_VIOLENCE,
-  "Nightmare!": NIGHTMARE
+var PICKUP_PERCENTAGES = {
+  "Medkit": 0.1,
+  "Stimpak": 0.25,
+  "Soul Sphere": 1,
+  "New Game": 1
+  // hard-set to 100% (not additive)
 };
-function cloneSpendLimits(preset) {
-  return {
-    ...preset,
-    windows: preset.windows.map((w) => ({ ...w })),
-    require2fa: { ...preset.require2fa },
-    sitePolicies: { ...preset.sitePolicies }
-  };
+function isValidAmount(amount) {
+  return Number.isFinite(amount) && amount > 0;
 }
-function resolveSpendLimits(tier = "Hey, Not Too Rough", mode = "interactive", overrides) {
-  const preset = TIER_PRESETS[tier][mode];
-  const base = cloneSpendLimits(preset);
-  if (!overrides) return base;
-  return {
-    ...base,
-    ...overrides,
-    // Deep-merge require2fa if provided
-    require2fa: overrides.require2fa ? { ...base.require2fa, ...overrides.require2fa } : base.require2fa,
-    // Deep-merge sitePolicies if provided
-    sitePolicies: overrides.sitePolicies ? { ...base.sitePolicies, ...overrides.sitePolicies } : base.sitePolicies
-  };
+function checkPayment(amount, state, config) {
+  if (!isValidAmount(amount)) return "confirm";
+  const perTxMax = WEAPON_CAPS[config.weapon];
+  const effectiveMax = Math.min(perTxMax, state.balance);
+  return amount <= effectiveMax ? "auto" : "confirm";
 }
-var RateLimiter = class {
-  constructor(limits, state, now) {
-    this.limits = limits;
-    this.entries = state?.entries ?? [];
-    this.broken = state?.circuitBroken ?? false;
-    this.now = now ?? Date.now;
-  }
-  check(request, origin) {
-    if (this.broken) {
-      return { action: "block", reason: "Circuit breaker tripped \u2014 call resetLimits() to clear", severity: "trip" };
-    }
-    const amount = request.amount;
-    if (!Number.isFinite(amount) || !Number.isInteger(amount) || amount <= 0) {
-      return { action: "block", reason: "Invalid transaction amount rejected", severity: "reject" };
-    }
-    if (amount > BFG_PER_TX_CEILING_SATOSHIS) {
-      return { action: "block", reason: `Exceeds BFG per-tx ceiling (${BFG_PER_TX_CEILING_SATOSHIS} sats)`, severity: "reject" };
-    }
-    const dayAgo = this.now() - WINDOW_MS.day;
-    const dailyTotal = this.sumSatoshis(dayAgo);
-    if (dailyTotal + amount > BFG_DAILY_CEILING_SATOSHIS) {
-      return { action: "block", reason: `Exceeds BFG daily ceiling (${BFG_DAILY_CEILING_SATOSHIS} sats)`, severity: "trip" };
-    }
-    if (amount > this.limits.perTxMaxSatoshis) {
-      return { action: "block", reason: `Exceeds per-tx limit (${this.limits.perTxMaxSatoshis} sats)`, severity: "reject" };
-    }
-    const isCustomSite = this.hasCustomPolicy(origin);
-    const effectiveLimits = this.effectiveWindows(origin);
-    const effectivePerTx = this.effectivePerTxMax(origin);
-    if (effectivePerTx !== void 0 && amount > effectivePerTx) {
-      return { action: "block", reason: `Exceeds per-tx limit for ${origin} (${effectivePerTx} sats)`, severity: "reject" };
-    }
-    let yellowLight;
-    for (const wl of effectiveLimits) {
-      const cutoff = this.now() - windowToMs(wl.window);
-      const windowEntries = this.entriesInWindow(cutoff, isCustomSite ? origin : void 0);
-      const totalSats = windowEntries.reduce((sum, e) => sum + e.satoshis, 0);
-      const totalTx = windowEntries.length;
-      if (totalSats + amount > wl.maxSatoshis) {
-        return { action: "block", reason: `Exceeds ${wl.window} sats limit (${wl.maxSatoshis})`, severity: "window" };
-      }
-      if (totalTx + 1 > wl.maxTransactions) {
-        return { action: "block", reason: `Exceeds ${wl.window} tx count limit (${wl.maxTransactions})`, severity: "window" };
-      }
-      if (this.limits.yellowLightThreshold < 1 && !yellowLight && totalSats + amount > wl.maxSatoshis * this.limits.yellowLightThreshold) {
-        yellowLight = {
-          origin,
-          currentSpend: totalSats,
-          limit: wl.maxSatoshis,
-          window: wl.window,
-          challenge: request
-        };
-      }
-    }
-    if (yellowLight) {
-      return { action: "yellow-light", detail: yellowLight };
-    }
-    return { action: "allow" };
-  }
-  record(entry) {
-    this.entries.push(entry);
-    this.prune();
-  }
-  trip() {
-    this.broken = true;
-  }
-  reset() {
-    this.broken = false;
-  }
-  isBroken() {
-    return this.broken;
-  }
-  getState() {
-    return {
-      entries: [...this.entries],
-      circuitBroken: this.broken,
-      hmac: ""
-    };
-  }
-  hasCustomPolicy(origin) {
-    const policy = this.limits.sitePolicies[origin];
-    return policy?.action === "custom" && !!policy.limits;
-  }
-  effectiveWindows(origin) {
-    const policy = this.limits.sitePolicies[origin];
-    if (policy?.action === "custom" && policy.limits) {
-      return policy.limits;
-    }
-    return this.limits.windows;
-  }
-  effectivePerTxMax(origin) {
-    const policy = this.limits.sitePolicies[origin];
-    if (policy?.action === "custom" && policy.perTxMaxSatoshis !== void 0) {
-      return policy.perTxMaxSatoshis;
-    }
-    return void 0;
-  }
-  entriesInWindow(cutoff, filterOrigin) {
-    return this.entries.filter(
-      (e) => e.timestamp >= cutoff && (filterOrigin === void 0 || e.origin === filterOrigin)
-    );
-  }
-  sumSatoshis(cutoff) {
-    return this.entries.filter((e) => e.timestamp >= cutoff).reduce((sum, e) => sum + e.satoshis, 0);
-  }
-  prune() {
-    let longestWindow = WINDOW_MS.day;
-    for (const wl of this.limits.windows) {
-      longestWindow = Math.max(longestWindow, windowToMs(wl.window));
-    }
-    if (this.limits.sitePolicies) {
-      for (const policy of Object.values(this.limits.sitePolicies)) {
-        if (policy?.action === "custom" && Array.isArray(policy.limits)) {
-          for (const wl of policy.limits) {
-            longestWindow = Math.max(longestWindow, windowToMs(wl.window));
-          }
-        }
-      }
-    }
-    const cutoff = this.now() - longestWindow;
-    this.entries = this.entries.filter((e) => e.timestamp >= cutoff);
-  }
-};
-
-// src/storage.ts
-var STATE_KEY = "x402:limit-state";
-var POLICIES_KEY = "x402:site-policies";
-async function computeHmac(data, key) {
-  const cryptoKey = await crypto.subtle.importKey(
-    "raw",
-    key,
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-  const encoded = new TextEncoder().encode(data);
-  const sig = await crypto.subtle.sign("HMAC", cryptoKey, encoded);
-  return Array.from(new Uint8Array(sig)).map((b) => b.toString(16).padStart(2, "0")).join("");
+function recordPayment(amount, state) {
+  if (!isValidAmount(amount)) return state;
+  return { balance: Math.max(0, state.balance - amount) };
 }
-function serializeForHmac(state) {
-  return JSON.stringify({
-    entries: state.entries,
-    circuitBroken: state.circuitBroken
-  });
+function applyPickup(pickup, state, config, walletBalance) {
+  const tierCap = TIER_CAPS[config.tier];
+  const cap = Math.min(tierCap, walletBalance);
+  if (pickup === "New Game") {
+    return { balance: cap };
+  }
+  const bonus = Math.floor(tierCap * PICKUP_PERCENTAGES[pickup]);
+  return { balance: Math.min(cap, state.balance + bonus) };
 }
-var LocalStorageAdapter = class {
-  constructor(keyDeriver, storage) {
-    this.keyDeriver = keyDeriver;
-    this.storage = storage ?? globalThis.localStorage;
-  }
-  async load() {
-    const raw = this.storage.getItem(STATE_KEY);
-    if (!raw) return null;
-    let state;
-    try {
-      state = JSON.parse(raw);
-    } catch {
-      console.warn("x402: limit state JSON parse failed \u2014 treating as tampered");
-      return { entries: [], circuitBroken: true, hmac: "" };
-    }
-    if (this.keyDeriver) {
-      if (!state.hmac) {
-        console.warn("x402: limit state missing HMAC \u2014 treating as tampered");
-        return { entries: [], circuitBroken: true, hmac: "" };
-      }
-      const key = await this.keyDeriver();
-      const expected = await computeHmac(serializeForHmac(state), key);
-      if (expected !== state.hmac) {
-        console.warn("x402: limit state HMAC mismatch \u2014 state may have been tampered with");
-        return { entries: [], circuitBroken: true, hmac: "" };
-      }
-    }
-    state.entries = (Array.isArray(state.entries) ? state.entries : []).filter(
-      (e) => e != null && typeof e.origin === "string" && typeof e.txid === "string" && typeof e.satoshis === "number" && Number.isFinite(e.satoshis) && e.satoshis >= 0 && typeof e.timestamp === "number" && Number.isFinite(e.timestamp) && e.timestamp > 0
-    );
-    return state;
-  }
-  async save(state) {
-    if (this.keyDeriver) {
-      const key = await this.keyDeriver();
-      state.hmac = await computeHmac(serializeForHmac(state), key);
-    }
-    this.storage.setItem(STATE_KEY, JSON.stringify(state));
-  }
-  async loadSitePolicies() {
-    const raw = this.storage.getItem(POLICIES_KEY);
-    if (!raw) return {};
-    try {
-      return JSON.parse(raw);
-    } catch {
-      return {};
-    }
-  }
-  async saveSitePolicies(policies) {
-    this.storage.setItem(POLICIES_KEY, JSON.stringify(policies));
-  }
-};
-
-// src/two-factor.ts
-var WalletTwoFactorProvider = class {
-  async verify(action) {
-    if (typeof window === "undefined" || !window.CWI) {
-      return this.promptFallback(action);
-    }
-    const challengeData = `x402-2fa:${JSON.stringify(action)}:${Date.now()}`;
-    try {
-      const sig = await window.CWI.createSignature({
-        data: new TextEncoder().encode(challengeData),
-        protocolID: [1, "x402-2fa"],
-        keyID: "spending-limits"
-      });
-      return sig !== null;
-    } catch {
-      return false;
-    }
-  }
-  promptFallback(action) {
-    if (typeof window === "undefined" || !window.prompt) return false;
-    const message = describeAction(action);
-    const result = window.prompt(`${message}
-
-Type CONFIRM to proceed:`);
-    return result === "CONFIRM";
-  }
-};
-function describeAction(action) {
-  switch (action.type) {
-    case "circuit-breaker-reset":
-      return "Reset spending circuit breaker? This re-enables automated payments.";
-    case "tier-change":
-      return `Change spending tier from "${action.from}" to "${action.to}"?`;
-    case "high-value-tx":
-      return `Approve high-value payment of ${action.amount} sats to ${action.origin}?`;
-    case "new-site-approval":
-      return `Allow automated payments to ${action.origin}?`;
-    case "limit-override":
-      return `Spending limit reached: ${action.reason}
-Allow this payment of ${action.amount} sats to ${action.origin}?`;
-  }
+function clampBalanceToTier(state, config, walletBalance) {
+  const cap = Math.min(TIER_CAPS[config.tier], walletBalance);
+  return { balance: Math.min(state.balance, cap) };
 }
-
-// src/site-policy.ts
-var defaultSitePrompt = async (origin) => {
-  if (typeof globalThis.confirm !== "function") return "global";
-  const allow = globalThis.confirm(
-    `First payment to ${origin}.
-
-Use your global spending limits for this site?
-
-OK = Use global limits
-Cancel = Block this site`
-  );
-  return allow ? "global" : "block";
-};
-async function resolveSitePolicy(origin, limits, twoFactorProvider, promptFn = defaultSitePrompt) {
-  const existing = limits.sitePolicies[origin];
-  if (existing) return existing;
-  if (!limits.requirePerSitePrompt) {
-    return { origin, action: "global" };
-  }
-  if (limits.require2fa.onNewSiteApproval) {
-    if (!twoFactorProvider) {
-      return { origin, action: "block" };
-    }
-    const verified = await twoFactorProvider.verify({
-      type: "new-site-approval",
-      origin
-    });
-    if (!verified) {
-      return { origin, action: "block" };
-    }
-  }
-  const action = await promptFn(origin);
-  return { origin, action };
+function initialState(config, walletBalance) {
+  const cap = Math.min(TIER_CAPS[config.tier], walletBalance);
+  return { balance: cap };
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  BFG_DAILY_CEILING_SATOSHIS,
-  BFG_PER_TX_CEILING_SATOSHIS,
-  LocalStorageAdapter,
-  RateLimiter,
-  TIER_PRESETS,
-  WalletTwoFactorProvider,
+  PICKUP_PERCENTAGES,
+  TIER_CAPS,
+  WEAPON_CAPS,
+  applyPickup,
+  checkPayment,
+  clampBalanceToTier,
   constructBrc105Proof,
   createX402Fetch,
+  initialState,
   parseBrc105Challenge,
   parseChallenge,
-  resolveSitePolicy,
-  resolveSpendLimits,
+  recordPayment,
   x402Fetch
 });