kawasekit 0.1.0-beta.4 → 0.1.0-beta.5

package/dist/asset-domain-CpJuDkI2.d.cts

@@ -0,0 +1,102 @@
+import { Address } from 'viem';
+
+/**
+ * Known-asset registry for {@link createX402PaymentSigner}'s
+ * `asset: { kind: "known", id }` discriminated-union branch.
+ *
+ * kawasekit only ships pinned EIP-712 domain definitions for assets it has
+ * verified empirically against the deployed contracts. Adding a new entry
+ * here requires citing the source-file + line reference for the contract
+ * that owns the `name` / `version` (so the next reviewer can spot-check the
+ * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅
+ * verdict that delegates to an out-of-scope component).
+ *
+ * @packageDocumentation
+ */
+
+/** Known asset identifiers. New entries must update this union AND the table. */
+type KnownAssetId = "jpyc-v2";
+/** Fully-pinned EIP-712 domain for a known asset. */
+interface KnownAssetDomain {
+    readonly id: KnownAssetId;
+    readonly name: string;
+    readonly version: string;
+    readonly verifyingContract: Address;
+}
+/**
+ * Look up a known asset's pinned EIP-712 domain by id.
+ *
+ * @returns The domain, or `undefined` if the id is not in the registry.
+ *
+ * @example
+ * ```ts
+ * import { getKnownAssetDomain } from "kawasekit";
+ *
+ * const jpyc = getKnownAssetDomain("jpyc-v2");
+ * if (jpyc === undefined) throw new Error("unreachable");
+ * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29
+ * ```
+ */
+declare function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined;
+/** List every known asset id (for diagnostics / error messages). */
+declare function listKnownAssetIds(): readonly KnownAssetId[];
+
+/**
+ * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.
+ *
+ * Construction-time pinning of the EIP-712 domain (`name` / `version` /
+ * `verifyingContract`) a signer will use. The integrator declares an
+ * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a
+ * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned
+ * {@link ResolvedAsset}. The signer then trusts only this pinned domain and
+ * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised
+ * EIP-712 domain).
+ *
+ * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)
+ * and the M6 PolicyGatedSigner (`src/signer/`).
+ *
+ * @packageDocumentation
+ */
+
+/** EIP-712 token domain `name` / `version` pair. */
+interface X402TokenDomain {
+    readonly name: string;
+    readonly version: string;
+}
+/**
+ * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.
+ * Required, discriminated.
+ *
+ * **Default-on whitelist**: integrators MUST declare which asset they intend
+ * to sign for. The `known` branch references a kawasekit-maintained
+ * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch
+ * is the deliberate escape hatch for any other asset and is named loudly so
+ * it survives a code review. Either way, the signer pins the EIP-712 domain
+ * at construction time and refuses to sign if `paymentRequirements.asset`
+ * disagrees with the pinned `verifyingContract`.
+ *
+ * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised
+ * `extra.name` / `extra.version` and `asset` are all ignored for signing
+ * purposes — the signer trusts only what the integrator declared here.
+ */
+type X402AssetParam = {
+    /** Use a kawasekit-maintained pinned EIP-712 domain. */
+    readonly kind: "known";
+    /** The asset id to pin. See {@link KnownAssetId} for the registry. */
+    readonly id: KnownAssetId;
+} | {
+    /**
+     * Use a caller-supplied EIP-712 domain for an asset NOT on the
+     * kawasekit whitelist. The name is deliberately loud — pick this
+     * branch only when you have separately audited the contract and its
+     * `eip712Domain()` output.
+     */
+    readonly kind: "unsafeOverride";
+    readonly domain: {
+        readonly name: string;
+        readonly version: string;
+        readonly verifyingContract: Address;
+    };
+};
+
+export { type KnownAssetDomain as K, type X402AssetParam as X, type KnownAssetId as a, type X402TokenDomain as b, getKnownAssetDomain as g, listKnownAssetIds as l };

package/dist/asset-domain-CpJuDkI2.d.ts

@@ -0,0 +1,102 @@
+import { Address } from 'viem';
+
+/**
+ * Known-asset registry for {@link createX402PaymentSigner}'s
+ * `asset: { kind: "known", id }` discriminated-union branch.
+ *
+ * kawasekit only ships pinned EIP-712 domain definitions for assets it has
+ * verified empirically against the deployed contracts. Adding a new entry
+ * here requires citing the source-file + line reference for the contract
+ * that owns the `name` / `version` (so the next reviewer can spot-check the
+ * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅
+ * verdict that delegates to an out-of-scope component).
+ *
+ * @packageDocumentation
+ */
+
+/** Known asset identifiers. New entries must update this union AND the table. */
+type KnownAssetId = "jpyc-v2";
+/** Fully-pinned EIP-712 domain for a known asset. */
+interface KnownAssetDomain {
+    readonly id: KnownAssetId;
+    readonly name: string;
+    readonly version: string;
+    readonly verifyingContract: Address;
+}
+/**
+ * Look up a known asset's pinned EIP-712 domain by id.
+ *
+ * @returns The domain, or `undefined` if the id is not in the registry.
+ *
+ * @example
+ * ```ts
+ * import { getKnownAssetDomain } from "kawasekit";
+ *
+ * const jpyc = getKnownAssetDomain("jpyc-v2");
+ * if (jpyc === undefined) throw new Error("unreachable");
+ * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29
+ * ```
+ */
+declare function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined;
+/** List every known asset id (for diagnostics / error messages). */
+declare function listKnownAssetIds(): readonly KnownAssetId[];
+
+/**
+ * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.
+ *
+ * Construction-time pinning of the EIP-712 domain (`name` / `version` /
+ * `verifyingContract`) a signer will use. The integrator declares an
+ * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a
+ * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned
+ * {@link ResolvedAsset}. The signer then trusts only this pinned domain and
+ * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised
+ * EIP-712 domain).
+ *
+ * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)
+ * and the M6 PolicyGatedSigner (`src/signer/`).
+ *
+ * @packageDocumentation
+ */
+
+/** EIP-712 token domain `name` / `version` pair. */
+interface X402TokenDomain {
+    readonly name: string;
+    readonly version: string;
+}
+/**
+ * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.
+ * Required, discriminated.
+ *
+ * **Default-on whitelist**: integrators MUST declare which asset they intend
+ * to sign for. The `known` branch references a kawasekit-maintained
+ * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch
+ * is the deliberate escape hatch for any other asset and is named loudly so
+ * it survives a code review. Either way, the signer pins the EIP-712 domain
+ * at construction time and refuses to sign if `paymentRequirements.asset`
+ * disagrees with the pinned `verifyingContract`.
+ *
+ * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised
+ * `extra.name` / `extra.version` and `asset` are all ignored for signing
+ * purposes — the signer trusts only what the integrator declared here.
+ */
+type X402AssetParam = {
+    /** Use a kawasekit-maintained pinned EIP-712 domain. */
+    readonly kind: "known";
+    /** The asset id to pin. See {@link KnownAssetId} for the registry. */
+    readonly id: KnownAssetId;
+} | {
+    /**
+     * Use a caller-supplied EIP-712 domain for an asset NOT on the
+     * kawasekit whitelist. The name is deliberately loud — pick this
+     * branch only when you have separately audited the contract and its
+     * `eip712Domain()` output.
+     */
+    readonly kind: "unsafeOverride";
+    readonly domain: {
+        readonly name: string;
+        readonly version: string;
+        readonly verifyingContract: Address;
+    };
+};
+
+export { type KnownAssetDomain as K, type X402AssetParam as X, type KnownAssetId as a, type X402TokenDomain as b, getKnownAssetDomain as g, listKnownAssetIds as l };

package/dist/chunk-DYTONQW2.js

@@ -0,0 +1,76 @@
+import { PolicyGatedSignerConfigError, resolveAssetParam, signTransferWithAuthorization } from './chunk-VPRR3TNA.js';
+import { evaluateSpendingPolicy } from './chunk-MTMJNYOD.js';
+import { getAddress } from 'viem';
+
+function createLocalPolicyGatedSigner(params) {
+  if (params.acknowledgeAdvisory !== true) {
+    throw new PolicyGatedSignerConfigError(
+      "acknowledgeAdvisory",
+      "a local signer is advisory (a key-holder can bypass its policy); pass `acknowledgeAdvisory: true` to construct one consciously, or use a cryptographic adapter for bounded/regulated flows"
+    );
+  }
+  const { account, policy, spendState } = params;
+  const pinned = resolveAssetParam(params.asset);
+  const from = getAddress(account.address);
+  return {
+    enforcement: "advisory",
+    from,
+    async sign(intent) {
+      if (getAddress(intent.from) !== from) {
+        return {
+          ok: false,
+          rejection: {
+            reason: "from_mismatch",
+            detail: `intent.from ${getAddress(intent.from)} does not equal signer.from ${from}`
+          }
+        };
+      }
+      if (getAddress(intent.token) !== pinned.verifyingContract) {
+        return {
+          ok: false,
+          rejection: {
+            reason: "token_not_allowed",
+            detail: `intent.token ${getAddress(intent.token)} does not equal the signer's pinned verifyingContract ${pinned.verifyingContract}`
+          }
+        };
+      }
+      const state = await spendState?.() ?? { spentPerToken: [] };
+      const nowSeconds = BigInt(Math.floor(Date.now() / 1e3));
+      const decision = evaluateSpendingPolicy(policy, intent, state, nowSeconds);
+      if (!decision.ok) {
+        return { ok: false, rejection: decision.rejection };
+      }
+      const signed = await signTransferWithAuthorization(
+        account,
+        {
+          name: pinned.name,
+          version: pinned.version,
+          chainId: intent.chainId,
+          verifyingContract: pinned.verifyingContract
+        },
+        {
+          from,
+          to: intent.to,
+          value: intent.value,
+          validAfter: intent.validAfter,
+          validBefore: intent.validBefore,
+          nonce: intent.nonce
+        }
+      );
+      return { ok: true, signature: signed.signature, intent };
+    },
+    describe() {
+      return {
+        enforcement: "advisory",
+        from,
+        policyId: policy.session.id,
+        notAfter: policy.session.notAfter,
+        revoked: policy.revoked
+      };
+    }
+  };
+}
+
+export { createLocalPolicyGatedSigner };
+//# sourceMappingURL=chunk-DYTONQW2.js.map
+//# sourceMappingURL=chunk-DYTONQW2.js.map

package/dist/chunk-DYTONQW2.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/signer/local.ts"],"names":[],"mappings":";;;;AAgEO,SAAS,6BACf,MAAA,EACgC;AAChC,EAAA,IAAI,MAAA,CAAO,wBAAwB,IAAA,EAAM;AACxC,IAAA,MAAM,IAAI,4BAAA;AAAA,MACT,qBAAA;AAAA,MACA;AAAA,KACD;AAAA,EACD;AAEA,EAAA,MAAM,EAAE,OAAA,EAAS,MAAA,EAAQ,UAAA,EAAW,GAAI,MAAA;AACxC,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,MAAA,CAAO,KAAK,CAAA;AAC7C,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,OAAA,CAAQ,OAAO,CAAA;AAEvC,EAAA,OAAO;AAAA,IACN,WAAA,EAAa,UAAA;AAAA,IACb,IAAA;AAAA,IACA,MAAM,KAAK,MAAA,EAA4C;AACtD,MAAA,IAAI,UAAA,CAAW,MAAA,CAAO,IAAI,CAAA,KAAM,IAAA,EAAM;AACrC,QAAA,OAAO;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,SAAA,EAAW;AAAA,YACV,MAAA,EAAQ,eAAA;AAAA,YACR,QAAQ,CAAA,YAAA,EAAe,UAAA,CAAW,OAAO,IAAI,CAAC,+BAA+B,IAAI,CAAA;AAAA;AAClF,SACD;AAAA,MACD;AACA,MAAA,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,CAAA,KAAM,OAAO,iBAAA,EAAmB;AAC1D,QAAA,OAAO;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,SAAA,EAAW;AAAA,YACV,MAAA,EAAQ,mBAAA;AAAA,YACR,MAAA,EAAQ,gBAAgB,UAAA,CAAW,MAAA,CAAO,KAAK,CAAC,CAAA,sDAAA,EAAyD,OAAO,iBAAiB,CAAA;AAAA;AAClI,SACD;AAAA,MACD;AAEA,MAAA,MAAM,QAAqB,MAAM,UAAA,QAAmB,EAAE,aAAA,EAAe,EAAC,EAAE;AACxE,MAAA,MAAM,UAAA,GAAa,OAAO,IAAA,CAAK,KAAA,CAAM,KAAK,GAAA,EAAI,GAAI,GAAI,CAAC,CAAA;AACvD,MAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,MAAA,EAAQ,MAAA,EAAQ,OAAO,UAAU,CAAA;AACzE,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,SAAA,EAAW,SAAS,SAAA,EAAU;AAAA,MACnD;AAEA,MAAA,MAAM,SAAS,MAAM,6BAAA;AAAA,QACpB,OAAA;AAAA,QACA;AAAA,UACC,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,mBAAmB,MAAA,CAAO;AAAA,SAC3B;AAAA,QACA;AAAA,UACC,IAAA;AAAA,UACA,IAAI,MAAA,CAAO,EAAA;AAAA,UACX,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,YAAY,MAAA,CAAO,UAAA;AAAA,UACnB,aAAa,MAAA,CAAO,WAAA;AAAA,UACpB,OAAO,MAAA,CAAO;AAAA;AACf,OACD;AACA,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,SAAA,EAAW,MAAA,CAAO,WAAW,MAAA,EAAO;AAAA,IACxD,CAAA;AAAA,IACA,QAAA,GAA8B;AAC7B,MAAA,OAAO;AAAA,QACN,WAAA,EAAa,UAAA;AAAA,QACb,IAAA;AAAA,QACA,QAAA,EAAU,OAAO,OAAA,CAAQ,EAAA;AAAA,QACzB,QAAA,EAAU,OAAO,OAAA,CAAQ,QAAA;AAAA,QACzB,SAAS,MAAA,CAAO;AAAA,OACjB;AAAA,IACD;AAAA,GACD;AACD","file":"chunk-DYTONQW2.js","sourcesContent":["/**\n * The `local` PolicyGatedSigner adapter — `enforcement: \"advisory\"`.\n *\n * Wraps a viem {@link Account} + a {@link SpendingPolicy} + a pinned EIP-712\n * domain. `sign(intent)` evaluates the policy SDK-side and, on pass, produces a\n * real EIP-3009 authorization via {@link signTransferWithAuthorization}. It is\n * **advisory** because the wrapped key can still sign anything elsewhere — the\n * gate is only reached if the caller chooses to call *this* `sign()`. Use it for\n * dev, the A1 cross-language fallback, and any flow that is explicitly not\n * bounded/regulated; the type-gate (`requireNonBypassable`) keeps it out of\n * flows that require non-bypassable enforcement.\n *\n * @packageDocumentation\n */\n\nimport type { Account } from \"viem\";\nimport { getAddress } from \"viem\";\nimport type { SpendingPolicy, SpendState } from \"../policy/spending-policy\";\nimport { evaluateSpendingPolicy } from \"../policy/spending-policy\";\nimport type { X402AssetParam } from \"../tokens/asset-domain\";\nimport { resolveAssetParam } from \"../tokens/asset-domain\";\nimport { signTransferWithAuthorization } from \"../tokens/eip3009\";\nimport { PolicyGatedSignerConfigError } from \"./errors\";\nimport type { PaymentIntent, PolicyGatedSigner, SignerDescription, SignResult } from \"./types\";\n\n/** Parameters for {@link createLocalPolicyGatedSigner}. */\nexport interface CreateLocalPolicyGatedSignerParams {\n\t/** EOA / LocalAccount that signs the EIP-3009 authorization. */\n\treadonly account: Account;\n\t/** The spending policy this signer enforces (SDK-side, advisory). */\n\treadonly policy: SpendingPolicy;\n\t/** Asset binding — pins the EIP-712 domain `name`/`version`/`verifyingContract`. */\n\treadonly asset: X402AssetParam;\n\t/**\n\t * Required literal acknowledgement that this signer is **advisory** (a\n\t * key-holder can bypass its policy). Omitting it is a compile error (TS) and\n\t * a construction-time throw (JS) — so constructing an advisory signer is a\n\t * conscious, greppable act. For bounded/regulated flows use a cryptographic\n\t * adapter instead.\n\t */\n\treadonly acknowledgeAdvisory: true;\n\t/**\n\t * Optional cumulative-spend view (read-only) the adapter evaluates\n\t * `cumulativeCap` against. `local` does not own an authoritative ledger; the\n\t * caller folds a successful spend back in (e.g. via `mergeSpendState`) before\n\t * the next call. Default: empty.\n\t */\n\treadonly spendState?: () => SpendState | Promise<SpendState>;\n}\n\n/**\n * Construct a `local` (advisory) PolicyGatedSigner.\n *\n * @example\n * ```ts\n * const signer = createLocalPolicyGatedSigner({\n *   account,\n *   policy: createSpendingPolicy({ session: { id, notAfter }, perToken: [{ token: JPYC, maxPerSign: 1_000n }] }),\n *   asset: { kind: \"known\", id: \"jpyc-v2\" },\n *   acknowledgeAdvisory: true,\n * });\n * const result = await signer.sign(intent);\n * ```\n */\nexport function createLocalPolicyGatedSigner(\n\tparams: CreateLocalPolicyGatedSignerParams,\n): PolicyGatedSigner<\"advisory\"> {\n\tif (params.acknowledgeAdvisory !== true) {\n\t\tthrow new PolicyGatedSignerConfigError(\n\t\t\t\"acknowledgeAdvisory\",\n\t\t\t\"a local signer is advisory (a key-holder can bypass its policy); pass `acknowledgeAdvisory: true` to construct one consciously, or use a cryptographic adapter for bounded/regulated flows\",\n\t\t);\n\t}\n\n\tconst { account, policy, spendState } = params;\n\tconst pinned = resolveAssetParam(params.asset);\n\tconst from = getAddress(account.address);\n\n\treturn {\n\t\tenforcement: \"advisory\",\n\t\tfrom,\n\t\tasync sign(intent: PaymentIntent): Promise<SignResult> {\n\t\t\tif (getAddress(intent.from) !== from) {\n\t\t\t\treturn {\n\t\t\t\t\tok: false,\n\t\t\t\t\trejection: {\n\t\t\t\t\t\treason: \"from_mismatch\",\n\t\t\t\t\t\tdetail: `intent.from ${getAddress(intent.from)} does not equal signer.from ${from}`,\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\t\t\tif (getAddress(intent.token) !== pinned.verifyingContract) {\n\t\t\t\treturn {\n\t\t\t\t\tok: false,\n\t\t\t\t\trejection: {\n\t\t\t\t\t\treason: \"token_not_allowed\",\n\t\t\t\t\t\tdetail: `intent.token ${getAddress(intent.token)} does not equal the signer's pinned verifyingContract ${pinned.verifyingContract}`,\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\n\t\t\tconst state: SpendState = (await spendState?.()) ?? { spentPerToken: [] };\n\t\t\tconst nowSeconds = BigInt(Math.floor(Date.now() / 1000));\n\t\t\tconst decision = evaluateSpendingPolicy(policy, intent, state, nowSeconds);\n\t\t\tif (!decision.ok) {\n\t\t\t\treturn { ok: false, rejection: decision.rejection };\n\t\t\t}\n\n\t\t\tconst signed = await signTransferWithAuthorization(\n\t\t\t\taccount,\n\t\t\t\t{\n\t\t\t\t\tname: pinned.name,\n\t\t\t\t\tversion: pinned.version,\n\t\t\t\t\tchainId: intent.chainId,\n\t\t\t\t\tverifyingContract: pinned.verifyingContract,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tfrom,\n\t\t\t\t\tto: intent.to,\n\t\t\t\t\tvalue: intent.value,\n\t\t\t\t\tvalidAfter: intent.validAfter,\n\t\t\t\t\tvalidBefore: intent.validBefore,\n\t\t\t\t\tnonce: intent.nonce,\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn { ok: true, signature: signed.signature, intent };\n\t\t},\n\t\tdescribe(): SignerDescription {\n\t\t\treturn {\n\t\t\t\tenforcement: \"advisory\",\n\t\t\t\tfrom,\n\t\t\t\tpolicyId: policy.session.id,\n\t\t\t\tnotAfter: policy.session.notAfter,\n\t\t\t\trevoked: policy.revoked,\n\t\t\t};\n\t\t},\n\t};\n}\n"]}

package/dist/{chunk-Y6AJKMAL.js → chunk-E2EG72U2.js}

@@ -1,132 +1,12 @@
-import { JPYC_EIP712_DOMAIN_HINT, JPYC_V2_ADDRESS, X402InvalidPayloadError, X402_HEADER_PAYMENT_SIGNATURE, encodePaymentSignatureHeader, X402_HEADER_IDEMPOTENCY_KEY, X402_HEADER_PAYMENT_RESPONSE, decodePaymentResponseHeader, X402InvalidConfigError, X402_HEADER_PAYMENT_REQUIRED, decodePaymentRequiredHeader, jpycAbi } from './chunk-NRGSI52C.js';
+import { X402_HEADER_PAYMENT_SIGNATURE, encodePaymentSignatureHeader, X402_HEADER_IDEMPOTENCY_KEY, X402_HEADER_PAYMENT_RESPONSE, decodePaymentResponseHeader, X402_HEADER_PAYMENT_REQUIRED, decodePaymentRequiredHeader } from './chunk-PVUKX6IF.js';
+import { invokeHookSafely } from './chunk-LEHWRDVS.js';
 import { X402_VERSION, chainIdToX402Network, x402NetworkToChainId } from './chunk-QHUCU5YX.js';
+import { resolveAssetParam, authorizationDeadlineFromNow, deriveAuthorizationNonce, generateAuthorizationNonce, signTransferWithAuthorization, assertNonBypassable } from './chunk-VPRR3TNA.js';
+import { X402InvalidPayloadError, X402PolicyRejectedError } from './chunk-WMVJNPX2.js';
+import { jpycAbi, JPYC_V2_ADDRESS, JPYC_EIP712_DOMAIN_HINT } from './chunk-KT7XDT2T.js';
 import { getChain, isSupportedChainId } from './chunk-SOTYGX67.js';
-import { invokeHookSafely } from './chunk-LEHWRDVS.js';
-import { getAddress, keccak256, stringToHex, parseSignature, isAddress, recoverTypedDataAddress } from 'viem';
+import { getAddress, recoverTypedDataAddress, parseSignature, isAddress } from 'viem';
 
-var transferWithAuthorizationTypes = {
-  TransferWithAuthorization: [
-    { name: "from", type: "address" },
-    { name: "to", type: "address" },
-    { name: "value", type: "uint256" },
-    { name: "validAfter", type: "uint256" },
-    { name: "validBefore", type: "uint256" },
-    { name: "nonce", type: "bytes32" }
-  ]
-};
-var receiveWithAuthorizationTypes = {
-  ReceiveWithAuthorization: [
-    { name: "from", type: "address" },
-    { name: "to", type: "address" },
-    { name: "value", type: "uint256" },
-    { name: "validAfter", type: "uint256" },
-    { name: "validBefore", type: "uint256" },
-    { name: "nonce", type: "bytes32" }
-  ]
-};
-var cancelAuthorizationTypes = {
-  CancelAuthorization: [
-    { name: "authorizer", type: "address" },
-    { name: "nonce", type: "bytes32" }
-  ]
-};
-function generateAuthorizationNonce() {
-  const bytes = new Uint8Array(32);
-  crypto.getRandomValues(bytes);
-  return `0x${Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("")}`;
-}
-var EIP3009_NONCE_DOMAIN_TAG = "kawasekit/eip3009-nonce/1";
-function deriveAuthorizationNonce(input, scope) {
-  if (input.idempotencyKey === "") {
-    throw new Error("deriveAuthorizationNonce: idempotencyKey must be a non-empty string");
-  }
-  const preimage = JSON.stringify([
-    EIP3009_NONCE_DOMAIN_TAG,
-    input.idempotencyKey,
-    getAddress(scope.from),
-    getAddress(scope.verifyingContract),
-    scope.chainId
-  ]);
-  return keccak256(stringToHex(preimage));
-}
-function authorizationDeadlineFromNow(seconds, nowSec) {
-  const now = nowSec ?? BigInt(Math.floor(Date.now() / 1e3));
-  return now + BigInt(seconds);
-}
-function requireSignTypedData(account) {
-  if (!account.signTypedData) {
-    throw new Error(
-      `Account ${account.address} cannot sign typed data \u2014 pass a LocalAccount or a JsonRpcAccount bound to a WalletClient.`
-    );
-  }
-  return account.signTypedData.bind(account);
-}
-function assertSignerMatches(account, expectedFrom, role) {
-  if (getAddress(account.address) !== getAddress(expectedFrom)) {
-    throw new Error(
-      `EIP-3009 ${role} signature must come from \`${role === "cancel" ? "authorizer" : "from"}\`: account is ${account.address}, message says ${expectedFrom}.`
-    );
-  }
-}
-async function signTransferWithAuthorization(account, domain, message) {
-  assertSignerMatches(account, message.from, "transfer");
-  const sign = requireSignTypedData(account);
-  const signature = await sign({
-    domain,
-    types: transferWithAuthorizationTypes,
-    primaryType: "TransferWithAuthorization",
-    message
-  });
-  return splitAuthorization(signature, domain, message);
-}
-async function signReceiveWithAuthorization(account, domain, message) {
-  assertSignerMatches(account, message.from, "receive");
-  const sign = requireSignTypedData(account);
-  const signature = await sign({
-    domain,
-    types: receiveWithAuthorizationTypes,
-    primaryType: "ReceiveWithAuthorization",
-    message
-  });
-  return splitAuthorization(signature, domain, message);
-}
-async function signCancelAuthorization(account, domain, message) {
-  assertSignerMatches(account, message.authorizer, "cancel");
-  const sign = requireSignTypedData(account);
-  const signature = await sign({
-    domain,
-    types: cancelAuthorizationTypes,
-    primaryType: "CancelAuthorization",
-    message
-  });
-  return splitAuthorization(signature, domain, message);
-}
-function splitAuthorization(signature, domain, message) {
-  const parsed = parseSignature(signature);
-  const v = parsed.v !== void 0 ? Number(parsed.v) : (parsed.yParity ?? 0) + 27;
-  return {
-    signature,
-    v,
-    r: parsed.r,
-    s: parsed.s,
-    domain,
-    message
-  };
-}
-var KNOWN_ASSETS = [
-  {
-    id: "jpyc-v2",
-    name: JPYC_EIP712_DOMAIN_HINT.name,
-    version: JPYC_EIP712_DOMAIN_HINT.version,
-    verifyingContract: getAddress(JPYC_V2_ADDRESS)
-  }
-];
-function getKnownAssetDomain(id) {
-  return KNOWN_ASSETS.find((entry) => entry.id === id);
-}
-function listKnownAssetIds() {
-  return KNOWN_ASSETS.map((entry) => entry.id);
-}
 var X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS = 300;
 var UINT256_MAX = (1n << 256n) - 1n;
 var UINT256_DECIMAL = /^(0|[1-9][0-9]*)$/;
@@ -155,53 +35,6 @@ function assertAddress(value, field) {
   }
   return value;
 }
-function resolveAssetParam(asset) {
-  if (asset.kind === "known") {
-    const entry = getKnownAssetDomain(asset.id);
-    if (entry === void 0) {
-      throw new X402InvalidConfigError(
-        "asset.id",
-        `unknown asset id ${JSON.stringify(asset.id)}. Supported: ${listKnownAssetIds().map((id) => JSON.stringify(id)).join(", ")}.`
-      );
-    }
-    return {
-      name: entry.name,
-      version: entry.version,
-      verifyingContract: entry.verifyingContract
-    };
-  }
-  if (asset.kind === "unsafeOverride") {
-    const { domain } = asset;
-    if (typeof domain.name !== "string" || domain.name === "") {
-      throw new X402InvalidConfigError(
-        "asset.domain.name",
-        "`unsafeOverride.domain.name` must be a non-empty string"
-      );
-    }
-    if (typeof domain.version !== "string" || domain.version === "") {
-      throw new X402InvalidConfigError(
-        "asset.domain.version",
-        "`unsafeOverride.domain.version` must be a non-empty string"
-      );
-    }
-    if (!isAddress(domain.verifyingContract, { strict: false })) {
-      throw new X402InvalidConfigError(
-        "asset.domain.verifyingContract",
-        `\`unsafeOverride.domain.verifyingContract\` must be a valid address, got ${JSON.stringify(domain.verifyingContract)}`
-      );
-    }
-    return {
-      name: domain.name,
-      version: domain.version,
-      verifyingContract: getAddress(domain.verifyingContract)
-    };
-  }
-  const exhaustive = asset;
-  throw new X402InvalidConfigError(
-    "asset.kind",
-    `unsupported kind ${JSON.stringify(exhaustive.kind)}. Expected "known" or "unsafeOverride".`
-  );
-}
 function validateRequirements(requirements) {
   if (requirements.scheme !== "exact") {
     throw new X402InvalidPayloadError(
@@ -231,6 +64,9 @@ function validateRequirements(requirements) {
   return { chainId, value, asset, payTo };
 }
 function createX402PaymentSigner(params) {
+  if (params.signer !== void 0) {
+    return createSignerBackedX402PaymentSigner(params);
+  }
   const { account, network } = params;
   const defaultLifetimeSeconds = params.defaultLifetimeSeconds ?? X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS;
   if (defaultLifetimeSeconds <= 0) {
@@ -336,6 +172,96 @@ function createX402PaymentSigner(params) {
     }
   };
 }
+function createSignerBackedX402PaymentSigner(params) {
+  const { signer, network } = params;
+  const defaultLifetimeSeconds = params.defaultLifetimeSeconds ?? X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS;
+  if (defaultLifetimeSeconds <= 0) {
+    throw new X402InvalidPayloadError(
+      "X402PaymentSignerConfig",
+      `\`defaultLifetimeSeconds\` must be positive, got ${defaultLifetimeSeconds}`
+    );
+  }
+  if (params.requireEnforcement !== void 0) {
+    assertNonBypassable(signer);
+  }
+  const pinnedDomain = resolveAssetParam(params.asset);
+  const from = signer.from;
+  return {
+    address: from,
+    async sign(signParams) {
+      const { paymentRequirements } = signParams;
+      const { chainId, value, asset, payTo } = validateRequirements(paymentRequirements);
+      const chain = getChain(chainId);
+      if (network === "mainnet" && chain.isTestnet) {
+        throw new X402InvalidPayloadError(
+          "PaymentRequirements",
+          `signer was configured for network="mainnet" but requirements.network="${paymentRequirements.network}" (chainId ${chainId}) is a testnet`
+        );
+      }
+      if (network === "testnet" && !chain.isTestnet) {
+        throw new X402InvalidPayloadError(
+          "PaymentRequirements",
+          `signer was configured for network="testnet" but requirements.network="${paymentRequirements.network}" (chainId ${chainId}) is a mainnet \u2014 refusing to sign payment for real funds`
+        );
+      }
+      if (getAddress(asset) !== pinnedDomain.verifyingContract) {
+        throw new X402InvalidPayloadError(
+          "PaymentRequirements",
+          `requirements.asset (${getAddress(asset)}) does not match the signer's pinned verifyingContract (${pinnedDomain.verifyingContract}) \u2014 refusing to sign for an asset the signer was not configured to handle`
+        );
+      }
+      const lifetime = Math.min(defaultLifetimeSeconds, paymentRequirements.maxTimeoutSeconds);
+      const validAfter = signParams.validAfter ?? 0n;
+      const validBefore = signParams.validBefore ?? authorizationDeadlineFromNow(lifetime);
+      if (validBefore <= validAfter) {
+        throw new X402InvalidPayloadError(
+          "PaymentRequirements",
+          `\`validBefore\` (${validBefore}) must be greater than \`validAfter\` (${validAfter})`
+        );
+      }
+      const nonce = signParams.idempotencyKey !== void 0 ? deriveAuthorizationNonce(
+        { idempotencyKey: signParams.idempotencyKey },
+        { from, verifyingContract: pinnedDomain.verifyingContract, chainId }
+      ) : generateAuthorizationNonce();
+      const intent = {
+        token: pinnedDomain.verifyingContract,
+        chainId,
+        from,
+        to: payTo,
+        value,
+        validAfter,
+        validBefore,
+        nonce
+      };
+      const signResult = await signer.sign(intent);
+      if (!signResult.ok) {
+        throw new X402PolicyRejectedError(signResult.rejection);
+      }
+      const payload = {
+        signature: signResult.signature,
+        authorization: {
+          from,
+          to: payTo,
+          value: value.toString(),
+          validAfter: validAfter.toString(),
+          validBefore: validBefore.toString(),
+          nonce
+        }
+      };
+      const result = signParams.resource ? {
+        x402Version: X402_VERSION,
+        resource: signParams.resource,
+        accepted: paymentRequirements,
+        payload: { ...payload }
+      } : {
+        x402Version: X402_VERSION,
+        accepted: paymentRequirements,
+        payload: { ...payload }
+      };
+      return result;
+    }
+  };
+}
 var X402_FACILITATOR_ERROR_CODES = {
   insufficient_funds: "insufficient_funds",
   invalid_exact_evm_payload_authorization_valid_after: "invalid_exact_evm_payload_authorization_valid_after",
@@ -958,6 +884,6 @@ function wrapFetch(params) {
   };
 }
 
-export { X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, X402_FACILITATOR_ERROR_CODES, authorizationDeadlineFromNow, createCoinbaseFacilitator, createHttpFacilitator, createSelfFacilitator, createX402PaymentSigner, deriveAuthorizationNonce, deriveReceiptTimeoutMs, generateAuthorizationNonce, getKnownAssetDomain, listKnownAssetIds, signCancelAuthorization, signReceiveWithAuthorization, signTransferWithAuthorization, wrapFetch };
-//# sourceMappingURL=chunk-Y6AJKMAL.js.map
-//# sourceMappingURL=chunk-Y6AJKMAL.js.map
+export { X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, X402_FACILITATOR_ERROR_CODES, createCoinbaseFacilitator, createHttpFacilitator, createSelfFacilitator, createX402PaymentSigner, deriveReceiptTimeoutMs, wrapFetch };
+//# sourceMappingURL=chunk-E2EG72U2.js.map
+//# sourceMappingURL=chunk-E2EG72U2.js.map