envoy-pay 0.1.0 → 0.2.0

package/CHANGELOG.md

@@ -4,11 +4,13 @@ All notable changes to this project will be documented in this file.
 
 For the dated decision journal behind these changes, see [`docs/BUILD_LOG.md`](docs/BUILD_LOG.md).
 
-## [0.3.0-envoy] — Unreleased
+## [0.2.0] — 2026-06-07
 
-This release is the Celo-first re-imagining of the SDK with a real on-chain layer added. Targets Celo Sepolia (testnet) and Celo mainnet.
+The Celo-first re-imagining of the SDK with a real on-chain layer. Headlining this release: server-side on-chain settlement verification (`createOnchainVerifier`) and a formal security policy (`SECURITY.md`). Targets Celo Sepolia (testnet) and Celo mainnet.
 
 ### Added
+- **`createOnchainVerifier(...)`** (`envoy-pay/server`) — a ready-made `verifyPayment` for `createX402Gate` that confirms an x402 proof maps to a real on-chain `EnvoyFacilitator` `Settled` event: checks the tx succeeded, paid the right merchant in the right token for at least the asking amount, replay-guards each `challengeId`, and optionally requires an ERC-8004 capability. Promotes the autonomous-loop example's verification into the SDK so production gates don't re-implement it. Pluggable `ReplayStore` for multi-instance deployments. (12-test suite, `verify-onchain.test.ts`.)
+- **`SECURITY.md`** — security policy: pre-1.0 / unaudited status, on-chain trust model, deployed-contract list, the `verifyPayment` requirement, a production hardening checklist, and private vulnerability reporting.
 - Scaffold forked from `ASGCompute-ows-agent-pay`, restructured around Celo as the first-class chain
 - **`EnvoyFacilitator.sol`** — single on-chain payment contract that consumes an EIP-712 `PaymentAuth` from the agent's wallet, validates the signer against canonical ERC-8004 `getAgentWallet(agentId)`, enforces per-(agent, token) rolling-window spending limits atomically, splits the amount into net (→ merchant) and fee (→ treasury), and emits a `Settled(challengeId, agentId, merchant, …)` event. Strict CEI, custom errors, `ReentrancyGuardTransient`, ERC-1271 fallback for smart-wallet agents, zero internal balance (contract never holds funds).
 - `MockIdentityRegistry.sol` + `MockSmartWallet.sol` test fixtures
@@ -22,6 +24,7 @@ This release is the Celo-first re-imagining of the SDK with a real on-chain laye
 - `docs/BUILD_LOG.md` capturing the dated decision trail (architecture, demo, ERC-8004 interface notes, Facilitator design rationale, SDK design rationale)
 
 ### Changed
+- **`createX402Gate` now warns when no settlement verification is configured.** Its built-in checks only confirm a proof is well-formed, not that it settled on-chain — so without `verifyPayment` (or `facilitatorUrl`) it logs a one-time security warning at gate creation. Pass `allowUnverified: true` to acknowledge and silence it (demo/testnet/trusted-upstream only). Non-breaking.
 - **Testnet target switched from Celo Alfajores → Celo Sepolia** (chainId `11142220`). The canonical Celo ERC-8004 contracts are deployed on Sepolia; Alfajores is no longer a build target. `hardhat.config.ts` updated accordingly.
 - Top-level + `contracts/` READMEs updated to reflect the lean architecture (one on-chain payment layer + canonical ERC-8004 delegation)
 - **`src/contracts/addresses.ts`** rewritten: `EnvoyContractAddresses` shape is now `{ facilitator, identityRegistry, reputationRegistry }` (was four snowflake fields). Canonical 8004 addresses are baked in for both Celo mainnet (42220) and Celo Sepolia (11142220). New `CELO_MAINNET` / `CELO_SEPOLIA` chain-id constants exported.
@@ -33,11 +36,15 @@ This release is the Celo-first re-imagining of the SDK with a real on-chain laye
 - SDK exports `AgentRegistryClient`, `createAgentRegistry`, `ReputationClient`, `createReputation`, `EscrowClient`, `createEscrow`, `PolicyGuardClient`, `createPolicyGuard`, the four `ENVOY_*_ABI` exports, and their types — viem wrappers moved to `src/contracts/_legacy/` pending replacement with a single `EnvoyFacilitator` client + canonical ERC-8004 helpers.
 - `examples/celo-agent-identity.ts` and `examples/celo-escrow.ts` archived to `examples/_legacy/` (both referenced removed contracts).
 
-### Pending (locked, not yet code)
-- **Deploy** `EnvoyFacilitator` to Celo Sepolia, verify on Celoscan, paste the address into `src/contracts/addresses.ts`.
+### Deployed
+- **`EnvoyFacilitator` is live on Celo mainnet** (chainId `42220`) at [`0xE268B6fE16319b49D22562C93c0d2395F65FCAcC`](https://celoscan.io/address/0xE268B6fE16319b49D22562C93c0d2395F65FCAcC), wired into `src/contracts/addresses.ts` alongside the canonical ERC-8004 Identity/Reputation registries.
 
 ---
 
+## Pre-fork history
+
+_The versions below are from the upstream project (`ASGCompute-ows-agent-pay`) that envoy was forked from, retained for provenance. envoy's npm lineage is the entries above (`0.1.0` → `0.2.0`)._
+
 ## [0.2.0] — 2026-04-04
 
 ### 🚀 Pay In Infrastructure (NEW)

package/README.md

@@ -65,7 +65,7 @@ AI agents are the new workforce, but payments are built for humans. An agent can
 npm install envoy-pay viem
 ```
 
-Node 18+. Tree-shakable ESM + CJS dual build. Every non-Celo rail (Stripe, Solana, Stellar) is an **optional peer dependency**, pulled in only when you import its subpath.
+Node 20+. Tree-shakable ESM + CJS dual build. Every non-Celo rail (Stripe, Solana, Stellar) is an **optional peer dependency**, pulled in only when you import its subpath.
 
 ### Make an agent pay for an API — Celo + cUSD
 
@@ -216,7 +216,7 @@ The core `EnvoyClient` handles protocol detection and the retry loop; pluggable
 | [`SolanaPaymentAdapter`](src/adapters/solana.ts) · [`StellarPaymentAdapter`](src/adapters/stellar.ts) | `envoy-pay/solana` · `/stellar` | Non-EVM settlement + watchers + request URIs. |
 | [`UnifiedWallet`](src/wallet/unified-wallet.ts) | `envoy-pay/wallet` | Cross-chain wallet with intent resolution + chain routing. |
 | [`FacilitatorService`](src/facilitator/facilitator-service.ts) | `envoy-pay/facilitator` | Hosted facilitator with fee calculation + receipts. |
-| [402 gates](src/server/) | `envoy-pay/server` | Server-side x402 / MPP gating, webhook + receipt verification. |
+| [402 gates](src/server/) | `envoy-pay/server` | Server-side x402 / MPP gating + `createOnchainVerifier` (on-chain `Settled` verification), webhook + receipt verification. |
 | [Watchers](src/monitor/) | `envoy-pay/monitor` | EVM, Solana, Stellar payment monitoring (the EVM watcher ships in core). |
 
 > **Extensible:** add any rail by implementing the [`PaymentAdapter`](src/adapters/types.ts) interface.
@@ -224,19 +224,30 @@ The core `EnvoyClient` handles protocol detection and the retry loop; pluggable
 ### Charge agents for *your* API (Pay In)
 
 ```ts
-import { createX402Gate } from 'envoy-pay/server';
+import { createX402Gate, createOnchainVerifier } from 'envoy-pay/server';
+import { CELO_MAINNET } from 'envoy-pay';
+
+// Confirm the payment actually settled on-chain — don't just trust the proof.
+const verifyPayment = createOnchainVerifier({
+  chainId: CELO_MAINNET,
+  payTo: '0xYOUR_TREASURY',
+  token: '0x765DE816845861e75A25fCA122bb6898B8B1282a', // cUSD
+  minAmount: 500000000000000000n,                       // 0.5 cUSD (18 decimals)
+  rpcUrl: process.env.CELO_RPC_URL,                     // or pass a viem publicClient
+});
 
 app.post('/api/premium', createX402Gate({
   payTo: '0xYOUR_TREASURY',
-  amount: '500000',          // 0.50 in 6-decimal stablecoin units
+  amount: '500000000000000000',
   asset: 'cUSD',
   network: 'eip155:42220',   // Celo
+  verifyPayment,             // ← verifies the on-chain Settled event
 }), (req, res) => {
   res.json({ data: 'premium content' });
 });
 ```
 
-Server returns `402` + challenge → agent pays on-chain → retries with proof → the gate verifies and serves `200 OK`. MPP gating (`createMppGate`) works the same way.
+Server returns `402` + challenge → agent pays on-chain → retries with proof → `createOnchainVerifier` confirms the `EnvoyFacilitator` `Settled` event (right merchant, token, amount; replay-guarded) → `200 OK`. **Without `verifyPayment` the gate accepts any well-formed proof and logs a warning** — never ship that for real value (see [SECURITY.md](SECURITY.md)). MPP gating (`createMppGate`) works the same way.
 
 ### Generate payment-request URIs
 
@@ -477,7 +488,20 @@ npm run contracts:test            # hardhat test (23 specs)
 | `solana` · `stellar` · `chain-router` · `agent-card` · `did-resolver` … | 15–18 each | Non-EVM rails, routing, ERC-8004 identity |
 | _… 35 suites total_ | **499 passing** (+9 integration tests skipped without creds) | + server gates, watchers, webhooks, contracts client |
 
-CI runs the SDK and the Hardhat contracts on every push (Node 18/20/22) — see [`.github/workflows/ci.yml`](.github/workflows/ci.yml).
+CI runs the SDK and the Hardhat contracts on every push (Node 20/22) — see [`.github/workflows/ci.yml`](.github/workflows/ci.yml).
+
+---
+
+## Security
+
+envoy-pay moves money, so it's gated **twice** — the client `PolicyEngine` *and*
+on-chain `EnvoyFacilitator` caps — and ships [`createOnchainVerifier`](src/server/verify-onchain.ts)
+so your server confirms a payment actually settled (right merchant, token, amount;
+replay-guarded) before serving. It is **pre-1.0 and the `EnvoyFacilitator` contract
+is not yet independently audited.**
+
+See **[SECURITY.md](SECURITY.md)** for the on-chain trust model, a production
+hardening checklist, and how to report a vulnerability.
 
 ---
 
@@ -496,6 +520,22 @@ CI runs the SDK and the Hardhat contracts on every push (Node 18/20/22) — see
 
 ---
 
+## Dependencies & security
+
+The core is deliberately lean. A default `npm i envoy-pay` pulls just **three runtime dependencies** — [`viem`](https://viem.sh), [`axios`](https://axios-http.com), and `@open-wallet-standard/core` — and audits clean:
+
+```bash
+$ npm i envoy-pay
+added 43 packages, audited 44 packages
+found 0 vulnerabilities
+```
+
+- **Optional rails are opt-in.** Solana, Stellar, and Stripe are *optional peer dependencies* — installed only if you import their subpath (`envoy-pay/solana`, `envoy-pay/stellar`, `envoy-pay/stripe`). They carry their own, much larger dependency trees; any advisories there originate from those upstream packages (e.g. `@solana/web3.js`), not from envoy — and you inherit them only if you opt into that rail.
+- **The Celo-first core stays vulnerability-free** regardless of which rails you add.
+- **Verify anytime:** run `npm i envoy-pay && npm audit` in a clean project — you'll see `found 0 vulnerabilities`.
+
+---
+
 ## Project layout
 
 ```

package/dist/cjs/server/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildReceipt = exports.createWebhookHandler = exports.createPaymentGate = exports.createMppGate = exports.createX402Gate = void 0;
+exports.buildReceipt = exports.createWebhookHandler = exports.createPaymentGate = exports.createMppGate = exports.createOnchainVerifier = exports.createX402Gate = void 0;
 /**
  * envoy — Server-Side Payment Gating
  *
@@ -24,6 +24,8 @@ exports.buildReceipt = exports.createWebhookHandler = exports.createPaymentGate
  */
 var x402_gate_1 = require("./x402-gate");
 Object.defineProperty(exports, "createX402Gate", { enumerable: true, get: function () { return x402_gate_1.createX402Gate; } });
+var verify_onchain_1 = require("./verify-onchain");
+Object.defineProperty(exports, "createOnchainVerifier", { enumerable: true, get: function () { return verify_onchain_1.createOnchainVerifier; } });
 var mpp_gate_1 = require("./mpp-gate");
 Object.defineProperty(exports, "createMppGate", { enumerable: true, get: function () { return mpp_gate_1.createMppGate; } });
 var payment_gate_1 = require("./payment-gate");

package/dist/cjs/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,yCAAkF;AAAzE,2GAAA,cAAc,OAAA;AACvB,uCAA+D;AAAtD,yGAAA,aAAa,OAAA;AACtB,+CAA2E;AAAlE,iHAAA,iBAAiB,OAAA;AAC1B,qCAAqE;AAA5D,+GAAA,oBAAoB,OAAA;AAC7B,qCAAmF;AAA1E,uGAAA,YAAY,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,yCAAkF;AAAzE,2GAAA,cAAc,OAAA;AACvB,mDAI0B;AAHxB,uHAAA,qBAAqB,OAAA;AAIvB,uCAA+D;AAAtD,yGAAA,aAAa,OAAA;AACtB,+CAA2E;AAAlE,iHAAA,iBAAiB,OAAA;AAC1B,qCAAqE;AAA5D,+GAAA,oBAAoB,OAAA;AAC7B,qCAAmF;AAA1E,uGAAA,YAAY,OAAA"}

package/dist/cjs/server/verify-onchain.js

@@ -0,0 +1,190 @@
+"use strict";
+/**
+ * On-chain settlement verification for x402 gates.
+ *
+ * `createX402Gate`'s default does NOT confirm a payment settled on-chain — it
+ * only checks that the `X-PAYMENT` header is well-formed and self-consistent.
+ * That's fine for a demo, but unsafe for real value: a client could present a
+ * fabricated proof and be served for free. This helper closes that gap.
+ *
+ * It returns a `verifyPayment` function you pass straight into `createX402Gate`,
+ * which, given the proof a paying agent presents:
+ *
+ *   1. pulls the transaction the proof references (tolerating brief RPC lag),
+ *   2. confirms it succeeded and emitted the deployed `EnvoyFacilitator`'s
+ *      `Settled` event,
+ *   3. checks it paid THIS merchant, in the expected token, for at least the
+ *      asking amount,
+ *   4. replay-guards it — a `challengeId` is redeemable exactly once,
+ *   5. (optionally) reads the paying agent's ERC-8004 card and requires it to
+ *      declare a given capability.
+ *
+ * This is the same verification the autonomous-loop example performs, lifted
+ * into the SDK so production gates don't have to re-implement it.
+ *
+ * @example
+ * ```ts
+ * import { createX402Gate, createOnchainVerifier } from 'envoy-pay/server';
+ * import { CELO_MAINNET } from 'envoy-pay';
+ *
+ * const verifyPayment = createOnchainVerifier({
+ *   chainId: CELO_MAINNET,
+ *   payTo: '0xYourTreasury',
+ *   token: '0x765DE816845861e75A25fCA122bb6898B8B1282a', // cUSD on Celo
+ *   minAmount: 500000000000000000n,                       // 0.5 cUSD (18 decimals)
+ *   rpcUrl: process.env.CELO_RPC_URL,                     // or pass a viem publicClient
+ * });
+ *
+ * app.post('/api/premium', createX402Gate({
+ *   payTo: '0xYourTreasury',
+ *   amount: '500000000000000000',
+ *   asset: 'cUSD',
+ *   network: 'eip155:42220',
+ *   verifyPayment,
+ * }), handler);
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createOnchainVerifier = createOnchainVerifier;
+const viem_1 = require("viem");
+const contracts_1 = require("../contracts");
+const identity_1 = require("../identity");
+const logger_1 = require("../logger");
+const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000';
+function memoryStore() {
+    const set = new Set();
+    return { has: (id) => set.has(id), add: (id) => void set.add(id) };
+}
+/**
+ * Build a `verifyPayment` function that confirms an x402 proof corresponds to a
+ * real `EnvoyFacilitator` settlement on-chain. Pass the result to
+ * `createX402Gate({ verifyPayment })`.
+ */
+function createOnchainVerifier(config) {
+    const log = config.logger ?? logger_1.noopLogger;
+    const deployed = (0, contracts_1.getEnvoyAddresses)(config.chainId);
+    const facilitator = (0, viem_1.getAddress)(config.facilitator ?? deployed.facilitator);
+    const identityRegistry = (0, viem_1.getAddress)(config.identityRegistry ?? deployed.identityRegistry);
+    const token = (0, viem_1.getAddress)(config.token);
+    const payTo = (0, viem_1.getAddress)(config.payTo);
+    const tries = config.receiptRetries ?? 5;
+    const delayMs = config.receiptRetryDelayMs ?? 2000;
+    const seen = config.seen ?? memoryStore();
+    if (facilitator === (0, viem_1.getAddress)(ZERO_ADDRESS)) {
+        throw new Error(`createOnchainVerifier: no EnvoyFacilitator is deployed for chainId ${config.chainId} ` +
+            `(the facilitator is currently Celo Mainnet only). Pass an explicit \`facilitator\` if you have one.`);
+    }
+    const client = resolveClient(config);
+    return async function verifyPayment(proof) {
+        const reject = (why) => {
+            log(`[verify-onchain] ✗ payment rejected — ${why}`);
+            return false;
+        };
+        const txHash = proof?.payload?.transaction;
+        if (!txHash)
+            return reject('proof has no payload.transaction (tx hash)');
+        const receipt = await receiptWithRetry(client, txHash, tries, delayMs);
+        if (!receipt)
+            return reject(`tx ${txHash} not found on chain ${config.chainId}`);
+        if (receipt.status !== 'success')
+            return reject(`tx ${txHash} reverted`);
+        const settled = decodeSettled(receipt.logs, facilitator);
+        if (!settled)
+            return reject(`no EnvoyFacilitator Settled event in ${txHash}`);
+        if ((0, viem_1.getAddress)(settled.merchant) !== payTo) {
+            return reject(`paid the wrong merchant (${settled.merchant}, expected ${payTo})`);
+        }
+        if ((0, viem_1.getAddress)(settled.token) !== token) {
+            return reject(`paid in the wrong token (${settled.token}, expected ${token})`);
+        }
+        if (settled.amount < config.minAmount) {
+            return reject(`underpaid (${settled.amount} < ${config.minAmount})`);
+        }
+        if (await seen.has(settled.challengeId)) {
+            return reject(`receipt already redeemed (challengeId ${settled.challengeId})`);
+        }
+        if (config.requiredCapability) {
+            const caps = await readCapabilities(client, identityRegistry, settled.agentId);
+            if (!caps.includes(config.requiredCapability.toLowerCase())) {
+                return reject(`agent #${settled.agentId} does not declare capability "${config.requiredCapability}" ` +
+                    `(card lists: ${caps.length ? caps.join(', ') : 'none'})`);
+            }
+        }
+        await seen.add(settled.challengeId);
+        log(`[verify-onchain] ✓ agent #${settled.agentId} settled ${settled.amount} to ${payTo} (tx ${txHash})`);
+        return true;
+    };
+}
+function resolveClient(config) {
+    if (config.publicClient)
+        return config.publicClient;
+    if (config.rpcUrl) {
+        return (0, viem_1.createPublicClient)({ transport: (0, viem_1.http)(config.rpcUrl) });
+    }
+    throw new Error('createOnchainVerifier: pass either a `publicClient` or an `rpcUrl`.');
+}
+/** Find + decode the `EnvoyFacilitator` `Settled` event among a receipt's logs. */
+function decodeSettled(logs, facilitator) {
+    for (const lg of logs) {
+        if ((0, viem_1.getAddress)(lg.address) !== facilitator)
+            continue;
+        try {
+            const decoded = (0, viem_1.decodeEventLog)({
+                abi: contracts_1.ENVOY_FACILITATOR_ABI,
+                data: lg.data,
+                topics: lg.topics,
+            });
+            if (decoded.eventName === 'Settled') {
+                const a = decoded.args;
+                return {
+                    challengeId: a.challengeId,
+                    agentId: a.agentId,
+                    merchant: a.merchant,
+                    token: a.token,
+                    amount: a.amount,
+                };
+            }
+        }
+        catch {
+            /* not the Settled event — keep scanning */
+        }
+    }
+    return null;
+}
+/** Fetch a receipt, tolerating brief RPC propagation lag. Null if never seen. */
+async function receiptWithRetry(client, hash, tries, delayMs) {
+    for (let i = 0; i < tries; i++) {
+        try {
+            return await client.getTransactionReceipt({ hash });
+        }
+        catch {
+            if (i < tries - 1)
+                await new Promise((r) => setTimeout(r, delayMs));
+        }
+    }
+    return null;
+}
+/** Read an agent's declared capabilities from its on-chain ERC-8004 card. */
+async function readCapabilities(client, registry, agentId) {
+    try {
+        const { tokenURI } = await identity_1.erc8004.getAgent(client, registry, agentId);
+        if (!tokenURI || !tokenURI.startsWith('data:'))
+            return [];
+        const comma = tokenURI.indexOf(',');
+        const meta = tokenURI.slice(5, comma);
+        const payload = tokenURI.slice(comma + 1);
+        const json = /;base64/i.test(meta)
+            ? Buffer.from(payload, 'base64').toString('utf-8')
+            : decodeURIComponent(payload);
+        const card = JSON.parse(json);
+        return Array.isArray(card?.capabilities)
+            ? card.capabilities
+                .filter((c) => typeof c === 'string')
+                .map((c) => c.toLowerCase())
+            : [];
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=verify-onchain.js.map

package/dist/cjs/server/verify-onchain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-onchain.js","sourceRoot":"","sources":["../../../src/server/verify-onchain.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;;AAwEH,sDAmEC;AAzID,+BASc;AACd,4CAAwE;AACxE,0CAAsC;AACtC,sCAAoD;AAGpD,MAAM,YAAY,GAAG,4CAA4C,CAAC;AA6ClE,SAAS,WAAW;IAClB,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;AACrE,CAAC;AAED;;;;GAIG;AACH,SAAgB,qBAAqB,CACnC,MAA6B;IAE7B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,mBAAU,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,WAAW,GAAG,IAAA,iBAAU,EAAC,MAAM,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GAAG,IAAA,iBAAU,EAAC,MAAM,CAAC,gBAAgB,IAAI,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAG,IAAA,iBAAU,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAA,iBAAU,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,IAAI,IAAI,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;IAE1C,IAAI,WAAW,KAAK,IAAA,iBAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,sEAAsE,MAAM,CAAC,OAAO,GAAG;YACrF,qGAAqG,CACxG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAErC,OAAO,KAAK,UAAU,aAAa,CAAC,KAAgB;QAClD,MAAM,MAAM,GAAG,CAAC,GAAW,EAAS,EAAE;YACpC,GAAG,CAAC,yCAAyC,GAAG,EAAE,CAAC,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,MAAM,MAAM,GAAG,KAAK,EAAE,OAAO,EAAE,WAA8B,CAAC;QAC9D,IAAI,CAAC,MAAM;YAAE,OAAO,MAAM,CAAC,4CAA4C,CAAC,CAAC;QAEzE,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,OAAO;YAAE,OAAO,MAAM,CAAC,MAAM,MAAM,uBAAuB,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QACjF,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC,MAAM,MAAM,WAAW,CAAC,CAAC;QAEzE,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO;YAAE,OAAO,MAAM,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,IAAA,iBAAU,EAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;YAC3C,OAAO,MAAM,CAAC,4BAA4B,OAAO,CAAC,QAAQ,cAAc,KAAK,GAAG,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,IAAA,iBAAU,EAAC,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC,4BAA4B,OAAO,CAAC,KAAK,cAAc,KAAK,GAAG,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACtC,OAAO,MAAM,CAAC,cAAc,OAAO,CAAC,MAAM,MAAM,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC,yCAAyC,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;YAC/E,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC5D,OAAO,MAAM,CACX,UAAU,OAAO,CAAC,OAAO,iCAAiC,MAAM,CAAC,kBAAkB,IAAI;oBACrF,gBAAgB,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACpC,GAAG,CACD,6BAA6B,OAAO,CAAC,OAAO,YAAY,OAAO,CAAC,MAAM,OAAO,KAAK,QAAQ,MAAM,GAAG,CACpG,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,MAA6B;IAClD,IAAI,MAAM,CAAC,YAAY;QAAE,OAAO,MAAM,CAAC,YAAY,CAAC;IACpD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,IAAA,yBAAkB,EAAC,EAAE,SAAS,EAAE,IAAA,WAAQ,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAiB,CAAC;IACpF,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;AACzF,CAAC;AAUD,mFAAmF;AACnF,SAAS,aAAa,CACpB,IAAuE,EACvE,WAAoB;IAEpB,KAAK,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC;QACtB,IAAI,IAAA,iBAAU,EAAC,EAAE,CAAC,OAAO,CAAC,KAAK,WAAW;YAAE,SAAS;QACrD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAA,qBAAc,EAAC;gBAC7B,GAAG,EAAE,iCAAqB;gBAC1B,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,MAAM,EAAE,EAAE,CAAC,MAAyB;aACrC,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,CAAC,GAAG,OAAO,CAAC,IAMjB,CAAC;gBACF,OAAO;oBACL,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,MAAM,EAAE,CAAC,CAAC,MAAM;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,KAAK,UAAU,gBAAgB,CAC7B,MAAoB,EACpB,IAAS,EACT,KAAa,EACb,OAAe;IAEf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC;gBAAE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6EAA6E;AAC7E,KAAK,UAAU,gBAAgB,CAC7B,MAAoB,EACpB,QAAiB,EACjB,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,kBAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,CAAC;QAC1D,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAChC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;YAClD,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC;YACtC,CAAC,CAAC,IAAI,CAAC,YAAY;iBACd,MAAM,CAAC,CAAC,CAAU,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;iBAC1D,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/cjs/server/x402-gate.js

@@ -25,6 +25,16 @@ function createX402Gate(config) {
     const log = config.logger ?? logger_1.noopLogger;
     const version = config.x402Version ?? 2;
     const scheme = config.scheme ?? 'exact';
+    // The built-in checks only confirm the proof is well-formed and self-consistent
+    // (payTo/amount echo the challenge) — they do NOT confirm the payment settled.
+    // Without `verifyPayment`, anyone can craft a proof and be served for free.
+    if (!config.verifyPayment && !config.facilitatorUrl && !config.allowUnverified) {
+        // eslint-disable-next-line no-console
+        console.warn('[x402-gate] ⚠ SECURITY: no `verifyPayment` configured — this gate accepts any ' +
+            'well-formed X-PAYMENT header WITHOUT confirming the payment settled on-chain. ' +
+            'Wire `createOnchainVerifier()` (envoy-pay/server) before charging real value, or ' +
+            'set `allowUnverified: true` to acknowledge and silence this. See SECURITY.md.');
+    }
     return async (req, res, next) => {
         // Check for existing X-PAYMENT header
         const paymentHeader = req.headers['x-payment'] ||

package/dist/cjs/server/x402-gate.js.map

@@ -1 +1 @@
-{"version":3,"file":"x402-gate.js","sourceRoot":"","sources":["../../../src/server/x402-gate.ts"],"names":[],"mappings":";;AAuEA,wCA4FC;AAlKD,sCAA+C;AAmD/C;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,cAAc,CAAC,MAAsB;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,mBAAU,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC;IAExC,OAAO,KAAK,EACV,GAAiB,EACjB,GAAmB,EACnB,IAAyB,EACzB,EAAE;QACF,sCAAsC;QACtC,MAAM,aAAa,GAChB,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY;YACnC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY,CAAC;QAEvC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,0CAA0C;YAC1C,GAAG,CAAC,8DAA8D,CAAC,CAAC;YAEpE,MAAM,SAAS,GAAG;gBAChB,WAAW,EAAE,OAAO;gBACpB,QAAQ,EAAE;oBACR,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,GAAG;oBACnB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kBAAkB;oBACrD,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC7D;gBACD,OAAO,EAAE;oBACP;wBACE,MAAM;wBACN,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;qBACpB;iBACF;aACF,CAAC;YAEF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACvE,MAAM,KAAK,GAAc,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE7C,mBAAmB;YACnB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;gBAChC,GAAG,CAAC,oDAAoD,CAAC,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;gBACjF,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,IAAI,KAAK,CAAC,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;gBACnE,GAAG,CAAC,4CAA4C,CAAC,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtE,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,oCAAoC;YACpC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;YACpB,GAAG,CAAC,sCAAsC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;YACrF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,iDAAiD,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"x402-gate.js","sourceRoot":"","sources":["../../../src/server/x402-gate.ts"],"names":[],"mappings":";;AA6EA,wCAyGC;AArLD,sCAA+C;AAyD/C;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,cAAc,CAAC,MAAsB;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,mBAAU,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC;IAExC,gFAAgF;IAChF,+EAA+E;IAC/E,4EAA4E;IAC5E,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QAC/E,sCAAsC;QACtC,OAAO,CAAC,IAAI,CACV,gFAAgF;YAC9E,gFAAgF;YAChF,mFAAmF;YACnF,+EAA+E,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,EACV,GAAiB,EACjB,GAAmB,EACnB,IAAyB,EACzB,EAAE;QACF,sCAAsC;QACtC,MAAM,aAAa,GAChB,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY;YACnC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY,CAAC;QAEvC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,0CAA0C;YAC1C,GAAG,CAAC,8DAA8D,CAAC,CAAC;YAEpE,MAAM,SAAS,GAAG;gBAChB,WAAW,EAAE,OAAO;gBACpB,QAAQ,EAAE;oBACR,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,GAAG;oBACnB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kBAAkB;oBACrD,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC7D;gBACD,OAAO,EAAE;oBACP;wBACE,MAAM;wBACN,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;qBACpB;iBACF;aACF,CAAC;YAEF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACvE,MAAM,KAAK,GAAc,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE7C,mBAAmB;YACnB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;gBAChC,GAAG,CAAC,oDAAoD,CAAC,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;gBACjF,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,IAAI,KAAK,CAAC,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;gBACnE,GAAG,CAAC,4CAA4C,CAAC,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtE,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,oCAAoC;YACpC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;YACpB,GAAG,CAAC,sCAAsC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;YACrF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,iDAAiD,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/esm/server/index.js

@@ -20,6 +20,7 @@
  * ```
  */
 export { createX402Gate } from './x402-gate.js';
+export { createOnchainVerifier, } from './verify-onchain.js';
 export { createMppGate } from './mpp-gate.js';
 export { createPaymentGate } from './payment-gate.js';
 export { createWebhookHandler } from './webhook.js';

package/dist/esm/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,cAAc,EAAuC,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAsB,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAA0B,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAsB,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,YAAY,EAA4C,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,cAAc,EAAuC,MAAM,aAAa,CAAC;AAClF,OAAO,EACL,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAsB,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAA0B,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAsB,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,YAAY,EAA4C,MAAM,WAAW,CAAC"}

package/dist/esm/server/verify-onchain.js

@@ -0,0 +1,187 @@
+/**
+ * On-chain settlement verification for x402 gates.
+ *
+ * `createX402Gate`'s default does NOT confirm a payment settled on-chain — it
+ * only checks that the `X-PAYMENT` header is well-formed and self-consistent.
+ * That's fine for a demo, but unsafe for real value: a client could present a
+ * fabricated proof and be served for free. This helper closes that gap.
+ *
+ * It returns a `verifyPayment` function you pass straight into `createX402Gate`,
+ * which, given the proof a paying agent presents:
+ *
+ *   1. pulls the transaction the proof references (tolerating brief RPC lag),
+ *   2. confirms it succeeded and emitted the deployed `EnvoyFacilitator`'s
+ *      `Settled` event,
+ *   3. checks it paid THIS merchant, in the expected token, for at least the
+ *      asking amount,
+ *   4. replay-guards it — a `challengeId` is redeemable exactly once,
+ *   5. (optionally) reads the paying agent's ERC-8004 card and requires it to
+ *      declare a given capability.
+ *
+ * This is the same verification the autonomous-loop example performs, lifted
+ * into the SDK so production gates don't have to re-implement it.
+ *
+ * @example
+ * ```ts
+ * import { createX402Gate, createOnchainVerifier } from 'envoy-pay/server';
+ * import { CELO_MAINNET } from 'envoy-pay';
+ *
+ * const verifyPayment = createOnchainVerifier({
+ *   chainId: CELO_MAINNET,
+ *   payTo: '0xYourTreasury',
+ *   token: '0x765DE816845861e75A25fCA122bb6898B8B1282a', // cUSD on Celo
+ *   minAmount: 500000000000000000n,                       // 0.5 cUSD (18 decimals)
+ *   rpcUrl: process.env.CELO_RPC_URL,                     // or pass a viem publicClient
+ * });
+ *
+ * app.post('/api/premium', createX402Gate({
+ *   payTo: '0xYourTreasury',
+ *   amount: '500000000000000000',
+ *   asset: 'cUSD',
+ *   network: 'eip155:42220',
+ *   verifyPayment,
+ * }), handler);
+ * ```
+ */
+import { createPublicClient, decodeEventLog, getAddress, http as viemHttp, } from 'viem';
+import { getEnvoyAddresses, ENVOY_FACILITATOR_ABI } from '../contracts/index.js';
+import { erc8004 } from '../identity/index.js';
+import { noopLogger } from '../logger.js';
+const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000';
+function memoryStore() {
+    const set = new Set();
+    return { has: (id) => set.has(id), add: (id) => void set.add(id) };
+}
+/**
+ * Build a `verifyPayment` function that confirms an x402 proof corresponds to a
+ * real `EnvoyFacilitator` settlement on-chain. Pass the result to
+ * `createX402Gate({ verifyPayment })`.
+ */
+export function createOnchainVerifier(config) {
+    const log = config.logger ?? noopLogger;
+    const deployed = getEnvoyAddresses(config.chainId);
+    const facilitator = getAddress(config.facilitator ?? deployed.facilitator);
+    const identityRegistry = getAddress(config.identityRegistry ?? deployed.identityRegistry);
+    const token = getAddress(config.token);
+    const payTo = getAddress(config.payTo);
+    const tries = config.receiptRetries ?? 5;
+    const delayMs = config.receiptRetryDelayMs ?? 2000;
+    const seen = config.seen ?? memoryStore();
+    if (facilitator === getAddress(ZERO_ADDRESS)) {
+        throw new Error(`createOnchainVerifier: no EnvoyFacilitator is deployed for chainId ${config.chainId} ` +
+            `(the facilitator is currently Celo Mainnet only). Pass an explicit \`facilitator\` if you have one.`);
+    }
+    const client = resolveClient(config);
+    return async function verifyPayment(proof) {
+        const reject = (why) => {
+            log(`[verify-onchain] ✗ payment rejected — ${why}`);
+            return false;
+        };
+        const txHash = proof?.payload?.transaction;
+        if (!txHash)
+            return reject('proof has no payload.transaction (tx hash)');
+        const receipt = await receiptWithRetry(client, txHash, tries, delayMs);
+        if (!receipt)
+            return reject(`tx ${txHash} not found on chain ${config.chainId}`);
+        if (receipt.status !== 'success')
+            return reject(`tx ${txHash} reverted`);
+        const settled = decodeSettled(receipt.logs, facilitator);
+        if (!settled)
+            return reject(`no EnvoyFacilitator Settled event in ${txHash}`);
+        if (getAddress(settled.merchant) !== payTo) {
+            return reject(`paid the wrong merchant (${settled.merchant}, expected ${payTo})`);
+        }
+        if (getAddress(settled.token) !== token) {
+            return reject(`paid in the wrong token (${settled.token}, expected ${token})`);
+        }
+        if (settled.amount < config.minAmount) {
+            return reject(`underpaid (${settled.amount} < ${config.minAmount})`);
+        }
+        if (await seen.has(settled.challengeId)) {
+            return reject(`receipt already redeemed (challengeId ${settled.challengeId})`);
+        }
+        if (config.requiredCapability) {
+            const caps = await readCapabilities(client, identityRegistry, settled.agentId);
+            if (!caps.includes(config.requiredCapability.toLowerCase())) {
+                return reject(`agent #${settled.agentId} does not declare capability "${config.requiredCapability}" ` +
+                    `(card lists: ${caps.length ? caps.join(', ') : 'none'})`);
+            }
+        }
+        await seen.add(settled.challengeId);
+        log(`[verify-onchain] ✓ agent #${settled.agentId} settled ${settled.amount} to ${payTo} (tx ${txHash})`);
+        return true;
+    };
+}
+function resolveClient(config) {
+    if (config.publicClient)
+        return config.publicClient;
+    if (config.rpcUrl) {
+        return createPublicClient({ transport: viemHttp(config.rpcUrl) });
+    }
+    throw new Error('createOnchainVerifier: pass either a `publicClient` or an `rpcUrl`.');
+}
+/** Find + decode the `EnvoyFacilitator` `Settled` event among a receipt's logs. */
+function decodeSettled(logs, facilitator) {
+    for (const lg of logs) {
+        if (getAddress(lg.address) !== facilitator)
+            continue;
+        try {
+            const decoded = decodeEventLog({
+                abi: ENVOY_FACILITATOR_ABI,
+                data: lg.data,
+                topics: lg.topics,
+            });
+            if (decoded.eventName === 'Settled') {
+                const a = decoded.args;
+                return {
+                    challengeId: a.challengeId,
+                    agentId: a.agentId,
+                    merchant: a.merchant,
+                    token: a.token,
+                    amount: a.amount,
+                };
+            }
+        }
+        catch {
+            /* not the Settled event — keep scanning */
+        }
+    }
+    return null;
+}
+/** Fetch a receipt, tolerating brief RPC propagation lag. Null if never seen. */
+async function receiptWithRetry(client, hash, tries, delayMs) {
+    for (let i = 0; i < tries; i++) {
+        try {
+            return await client.getTransactionReceipt({ hash });
+        }
+        catch {
+            if (i < tries - 1)
+                await new Promise((r) => setTimeout(r, delayMs));
+        }
+    }
+    return null;
+}
+/** Read an agent's declared capabilities from its on-chain ERC-8004 card. */
+async function readCapabilities(client, registry, agentId) {
+    try {
+        const { tokenURI } = await erc8004.getAgent(client, registry, agentId);
+        if (!tokenURI || !tokenURI.startsWith('data:'))
+            return [];
+        const comma = tokenURI.indexOf(',');
+        const meta = tokenURI.slice(5, comma);
+        const payload = tokenURI.slice(comma + 1);
+        const json = /;base64/i.test(meta)
+            ? Buffer.from(payload, 'base64').toString('utf-8')
+            : decodeURIComponent(payload);
+        const card = JSON.parse(json);
+        return Array.isArray(card?.capabilities)
+            ? card.capabilities
+                .filter((c) => typeof c === 'string')
+                .map((c) => c.toLowerCase())
+            : [];
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=verify-onchain.js.map

package/dist/esm/server/verify-onchain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-onchain.js","sourceRoot":"","sources":["../../../src/server/verify-onchain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,UAAU,EACV,IAAI,IAAI,QAAQ,GAKjB,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAe,UAAU,EAAE,MAAM,WAAW,CAAC;AAGpD,MAAM,YAAY,GAAG,4CAA4C,CAAC;AA6ClE,SAAS,WAAW;IAClB,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;AACrE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAA6B;IAE7B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,UAAU,CAAC;IACxC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GAAG,UAAU,CAAC,MAAM,CAAC,gBAAgB,IAAI,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,IAAI,IAAI,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;IAE1C,IAAI,WAAW,KAAK,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,sEAAsE,MAAM,CAAC,OAAO,GAAG;YACrF,qGAAqG,CACxG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAErC,OAAO,KAAK,UAAU,aAAa,CAAC,KAAgB;QAClD,MAAM,MAAM,GAAG,CAAC,GAAW,EAAS,EAAE;YACpC,GAAG,CAAC,yCAAyC,GAAG,EAAE,CAAC,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,MAAM,MAAM,GAAG,KAAK,EAAE,OAAO,EAAE,WAA8B,CAAC;QAC9D,IAAI,CAAC,MAAM;YAAE,OAAO,MAAM,CAAC,4CAA4C,CAAC,CAAC;QAEzE,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,OAAO;YAAE,OAAO,MAAM,CAAC,MAAM,MAAM,uBAAuB,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QACjF,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC,MAAM,MAAM,WAAW,CAAC,CAAC;QAEzE,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO;YAAE,OAAO,MAAM,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;YAC3C,OAAO,MAAM,CAAC,4BAA4B,OAAO,CAAC,QAAQ,cAAc,KAAK,GAAG,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC,4BAA4B,OAAO,CAAC,KAAK,cAAc,KAAK,GAAG,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACtC,OAAO,MAAM,CAAC,cAAc,OAAO,CAAC,MAAM,MAAM,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC,yCAAyC,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;YAC/E,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC5D,OAAO,MAAM,CACX,UAAU,OAAO,CAAC,OAAO,iCAAiC,MAAM,CAAC,kBAAkB,IAAI;oBACrF,gBAAgB,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACpC,GAAG,CACD,6BAA6B,OAAO,CAAC,OAAO,YAAY,OAAO,CAAC,MAAM,OAAO,KAAK,QAAQ,MAAM,GAAG,CACpG,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,MAA6B;IAClD,IAAI,MAAM,CAAC,YAAY;QAAE,OAAO,MAAM,CAAC,YAAY,CAAC;IACpD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,kBAAkB,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAiB,CAAC;IACpF,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;AACzF,CAAC;AAUD,mFAAmF;AACnF,SAAS,aAAa,CACpB,IAAuE,EACvE,WAAoB;IAEpB,KAAK,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC;QACtB,IAAI,UAAU,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,WAAW;YAAE,SAAS;QACrD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,cAAc,CAAC;gBAC7B,GAAG,EAAE,qBAAqB;gBAC1B,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,MAAM,EAAE,EAAE,CAAC,MAAyB;aACrC,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,CAAC,GAAG,OAAO,CAAC,IAMjB,CAAC;gBACF,OAAO;oBACL,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,MAAM,EAAE,CAAC,CAAC,MAAM;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,KAAK,UAAU,gBAAgB,CAC7B,MAAoB,EACpB,IAAS,EACT,KAAa,EACb,OAAe;IAEf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC;gBAAE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6EAA6E;AAC7E,KAAK,UAAU,gBAAgB,CAC7B,MAAoB,EACpB,QAAiB,EACjB,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,CAAC;QAC1D,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAChC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;YAClD,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC;YACtC,CAAC,CAAC,IAAI,CAAC,YAAY;iBACd,MAAM,CAAC,CAAC,CAAU,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;iBAC1D,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/esm/server/x402-gate.js

@@ -22,6 +22,16 @@ export function createX402Gate(config) {
     const log = config.logger ?? noopLogger;
     const version = config.x402Version ?? 2;
     const scheme = config.scheme ?? 'exact';
+    // The built-in checks only confirm the proof is well-formed and self-consistent
+    // (payTo/amount echo the challenge) — they do NOT confirm the payment settled.
+    // Without `verifyPayment`, anyone can craft a proof and be served for free.
+    if (!config.verifyPayment && !config.facilitatorUrl && !config.allowUnverified) {
+        // eslint-disable-next-line no-console
+        console.warn('[x402-gate] ⚠ SECURITY: no `verifyPayment` configured — this gate accepts any ' +
+            'well-formed X-PAYMENT header WITHOUT confirming the payment settled on-chain. ' +
+            'Wire `createOnchainVerifier()` (envoy-pay/server) before charging real value, or ' +
+            'set `allowUnverified: true` to acknowledge and silence this. See SECURITY.md.');
+    }
     return async (req, res, next) => {
         // Check for existing X-PAYMENT header
         const paymentHeader = req.headers['x-payment'] ||

package/dist/esm/server/x402-gate.js.map

@@ -1 +1 @@
-{"version":3,"file":"x402-gate.js","sourceRoot":"","sources":["../../../src/server/x402-gate.ts"],"names":[],"mappings":"AACA,OAAO,EAAU,UAAU,EAAE,MAAM,WAAW,CAAC;AAmD/C;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,UAAU,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC;IAExC,OAAO,KAAK,EACV,GAAiB,EACjB,GAAmB,EACnB,IAAyB,EACzB,EAAE;QACF,sCAAsC;QACtC,MAAM,aAAa,GAChB,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY;YACnC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY,CAAC;QAEvC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,0CAA0C;YAC1C,GAAG,CAAC,8DAA8D,CAAC,CAAC;YAEpE,MAAM,SAAS,GAAG;gBAChB,WAAW,EAAE,OAAO;gBACpB,QAAQ,EAAE;oBACR,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,GAAG;oBACnB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kBAAkB;oBACrD,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC7D;gBACD,OAAO,EAAE;oBACP;wBACE,MAAM;wBACN,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;qBACpB;iBACF;aACF,CAAC;YAEF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACvE,MAAM,KAAK,GAAc,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE7C,mBAAmB;YACnB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;gBAChC,GAAG,CAAC,oDAAoD,CAAC,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;gBACjF,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,IAAI,KAAK,CAAC,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;gBACnE,GAAG,CAAC,4CAA4C,CAAC,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtE,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,oCAAoC;YACpC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;YACpB,GAAG,CAAC,sCAAsC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;YACrF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,iDAAiD,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"x402-gate.js","sourceRoot":"","sources":["../../../src/server/x402-gate.ts"],"names":[],"mappings":"AACA,OAAO,EAAU,UAAU,EAAE,MAAM,WAAW,CAAC;AAyD/C;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,UAAU,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC;IAExC,gFAAgF;IAChF,+EAA+E;IAC/E,4EAA4E;IAC5E,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QAC/E,sCAAsC;QACtC,OAAO,CAAC,IAAI,CACV,gFAAgF;YAC9E,gFAAgF;YAChF,mFAAmF;YACnF,+EAA+E,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,EACV,GAAiB,EACjB,GAAmB,EACnB,IAAyB,EACzB,EAAE;QACF,sCAAsC;QACtC,MAAM,aAAa,GAChB,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY;YACnC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAY,CAAC;QAEvC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,0CAA0C;YAC1C,GAAG,CAAC,8DAA8D,CAAC,CAAC;YAEpE,MAAM,SAAS,GAAG;gBAChB,WAAW,EAAE,OAAO;gBACpB,QAAQ,EAAE;oBACR,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,GAAG;oBACnB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kBAAkB;oBACrD,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC7D;gBACD,OAAO,EAAE;oBACP;wBACE,MAAM;wBACN,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;qBACpB;iBACF;aACF,CAAC;YAEF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACvE,MAAM,KAAK,GAAc,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE7C,mBAAmB;YACnB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;gBAChC,GAAG,CAAC,oDAAoD,CAAC,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;gBACjF,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,IAAI,KAAK,CAAC,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;gBACnE,GAAG,CAAC,4CAA4C,CAAC,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtE,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,oCAAoC;YACpC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;YACpB,GAAG,CAAC,sCAAsC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;YACrF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,iDAAiD,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/types/server/index.d.ts

@@ -20,6 +20,7 @@
  * ```
  */
 export { createX402Gate, type X402GateConfig, type X402Proof } from './x402-gate';
+export { createOnchainVerifier, type OnchainVerifierConfig, type ReplayStore, } from './verify-onchain';
 export { createMppGate, type MppGateConfig } from './mpp-gate';
 export { createPaymentGate, type PaymentGateConfig } from './payment-gate';
 export { createWebhookHandler, type WebhookConfig } from './webhook';

package/dist/types/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EACL,qBAAqB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,WAAW,GACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,WAAW,CAAC"}

package/dist/types/server/verify-onchain.d.ts

@@ -0,0 +1,96 @@
+/**
+ * On-chain settlement verification for x402 gates.
+ *
+ * `createX402Gate`'s default does NOT confirm a payment settled on-chain — it
+ * only checks that the `X-PAYMENT` header is well-formed and self-consistent.
+ * That's fine for a demo, but unsafe for real value: a client could present a
+ * fabricated proof and be served for free. This helper closes that gap.
+ *
+ * It returns a `verifyPayment` function you pass straight into `createX402Gate`,
+ * which, given the proof a paying agent presents:
+ *
+ *   1. pulls the transaction the proof references (tolerating brief RPC lag),
+ *   2. confirms it succeeded and emitted the deployed `EnvoyFacilitator`'s
+ *      `Settled` event,
+ *   3. checks it paid THIS merchant, in the expected token, for at least the
+ *      asking amount,
+ *   4. replay-guards it — a `challengeId` is redeemable exactly once,
+ *   5. (optionally) reads the paying agent's ERC-8004 card and requires it to
+ *      declare a given capability.
+ *
+ * This is the same verification the autonomous-loop example performs, lifted
+ * into the SDK so production gates don't have to re-implement it.
+ *
+ * @example
+ * ```ts
+ * import { createX402Gate, createOnchainVerifier } from 'envoy-pay/server';
+ * import { CELO_MAINNET } from 'envoy-pay';
+ *
+ * const verifyPayment = createOnchainVerifier({
+ *   chainId: CELO_MAINNET,
+ *   payTo: '0xYourTreasury',
+ *   token: '0x765DE816845861e75A25fCA122bb6898B8B1282a', // cUSD on Celo
+ *   minAmount: 500000000000000000n,                       // 0.5 cUSD (18 decimals)
+ *   rpcUrl: process.env.CELO_RPC_URL,                     // or pass a viem publicClient
+ * });
+ *
+ * app.post('/api/premium', createX402Gate({
+ *   payTo: '0xYourTreasury',
+ *   amount: '500000000000000000',
+ *   asset: 'cUSD',
+ *   network: 'eip155:42220',
+ *   verifyPayment,
+ * }), handler);
+ * ```
+ */
+import { type Address, type PublicClient } from 'viem';
+import { type Logger } from '../logger';
+import type { X402Proof } from './x402-gate';
+/**
+ * A redeemed-receipt store. A `challengeId` is honored exactly once. The default
+ * is an in-process `Set` — fine for a single instance, but NOT safe across a
+ * horizontally-scaled deployment, where two nodes could each redeem the same
+ * receipt. Pass a shared (e.g. Redis-backed) implementation in production.
+ */
+export interface ReplayStore {
+    has(challengeId: string): boolean | Promise<boolean>;
+    add(challengeId: string): void | Promise<void>;
+}
+export interface OnchainVerifierConfig {
+    /** EIP-155 chain id the payment settles on (e.g. 42220 — Celo Mainnet). */
+    chainId: number;
+    /** Merchant wallet that must be the `merchant` in the `Settled` event. */
+    payTo: Address;
+    /** Token the payment must be denominated in (e.g. cUSD on Celo). */
+    token: Address;
+    /** Minimum settled amount required to pass, in the token's smallest unit. */
+    minAmount: bigint;
+    /** A viem `PublicClient` for reads. Provide this OR `rpcUrl`. */
+    publicClient?: PublicClient;
+    /** RPC URL used to build a read-only client when `publicClient` is omitted. */
+    rpcUrl?: string;
+    /** `EnvoyFacilitator` address. Defaults to the deployed one for `chainId`. */
+    facilitator?: Address;
+    /**
+     * Optional ERC-8004 capability the paying agent's on-chain card must declare.
+     * When set, the agent's card is read and the request is rejected if it's absent.
+     */
+    requiredCapability?: string;
+    /** ERC-8004 Identity registry, for the capability read. Defaults to deployed. */
+    identityRegistry?: Address;
+    /** Replay store. Defaults to an in-process `Set` (see {@link ReplayStore}). */
+    seen?: ReplayStore;
+    /** Receipt-fetch retries, to tolerate RPC propagation lag. Default 5. */
+    receiptRetries?: number;
+    /** Delay between receipt retries, in ms. Default 2000. */
+    receiptRetryDelayMs?: number;
+    /** Optional logger. Surfaces the reason a payment was rejected. */
+    logger?: Logger;
+}
+/**
+ * Build a `verifyPayment` function that confirms an x402 proof corresponds to a
+ * real `EnvoyFacilitator` settlement on-chain. Pass the result to
+ * `createX402Gate({ verifyPayment })`.
+ */
+export declare function createOnchainVerifier(config: OnchainVerifierConfig): (proof: X402Proof) => Promise<boolean>;
+//# sourceMappingURL=verify-onchain.d.ts.map

package/dist/types/server/verify-onchain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-onchain.d.ts","sourceRoot":"","sources":["../../../src/server/verify-onchain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAKL,KAAK,OAAO,EAEZ,KAAK,YAAY,EAElB,MAAM,MAAM,CAAC;AAGd,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,WAAW,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAI7C;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACrD,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD;AAED,MAAM,WAAW,qBAAqB;IACpC,2EAA2E;IAC3E,OAAO,EAAE,MAAM,CAAC;IAChB,0EAA0E;IAC1E,KAAK,EAAE,OAAO,CAAC;IACf,oEAAoE;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,6EAA6E;IAC7E,SAAS,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,+EAA+E;IAC/E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iFAAiF;IACjF,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,+EAA+E;IAC/E,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,yEAAyE;IACzE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0DAA0D;IAC1D,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mEAAmE;IACnE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAOD;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,qBAAqB,GAC5B,CAAC,KAAK,EAAE,SAAS,KAAK,OAAO,CAAC,OAAO,CAAC,CAiExC"}

package/dist/types/server/x402-gate.d.ts

@@ -22,8 +22,14 @@ export interface X402GateConfig {
     usdAmount?: number;
     /** Facilitator URL for verification (optional). */
     facilitatorUrl?: string;
-    /** Verification function. If provided, called to verify X-PAYMENT proof. */
+    /** Verification function. If provided, called to verify X-PAYMENT proof.
+     *  Use `createOnchainVerifier(...)` (envoy-pay/server) to confirm the payment
+     *  actually settled on-chain — strongly recommended before charging real value. */
     verifyPayment?: (proof: X402Proof) => Promise<boolean> | boolean;
+    /** Acknowledge running WITHOUT settlement verification (silences the security
+     *  warning). The gate then trusts any well-formed proof — only safe for demos,
+     *  testnets, or when a trusted facilitator verifies upstream. Default: false. */
+    allowUnverified?: boolean;
     /** Logger function. */
     logger?: Logger;
 }

package/dist/types/server/x402-gate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"x402-gate.d.ts","sourceRoot":"","sources":["../../../src/server/x402-gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAc,MAAM,WAAW,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uDAAuD;IACvD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4EAA4E;IAC5E,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACjE,uBAAuB;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,2CAA2C;AAC3C,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QACR,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,oEAAoE;AACpE,UAAU,YAAa,SAAQ,eAAe;IAC5C,OAAO,CAAC,EAAE,SAAS,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,IAMjD,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,KAAK,IAAI,mBAoF5B"}
+{"version":3,"file":"x402-gate.d.ts","sourceRoot":"","sources":["../../../src/server/x402-gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAc,MAAM,WAAW,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uDAAuD;IACvD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;uFAEmF;IACnF,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACjE;;qFAEiF;IACjF,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,uBAAuB;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,2CAA2C;AAC3C,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QACR,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,oEAAoE;AACpE,UAAU,YAAa,SAAQ,eAAe;IAC5C,OAAO,CAAC,EAAE,SAAS,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,IAmBjD,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,KAAK,IAAI,mBAoF5B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "envoy-pay",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Celo-first agent payment SDK: x402 + MPP settlement, ERC-8004 identity, and on-chain spending policy via the EnvoyFacilitator. Optional Solana, Stellar, Stripe, DEX/bridge, and unified-wallet modules via subpath imports.",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
@@ -143,7 +143,7 @@
     "open-wallet-standard"
   ],
   "engines": {
-    "node": ">=18"
+    "node": ">=20"
   },
   "author": "Envoy",
   "license": "Apache-2.0",