moltspay 0.7.2 → 0.8.1

package/dist/index.mjs

@@ -30333,10 +30333,6 @@ init_esm_shims();
 import { readFileSync } from "fs";
 import { createServer } from "http";
 
-// src/verify/index.ts
-init_esm_shims();
-import { ethers } from "ethers";
-
 // src/chains/index.ts
 init_esm_shims();
 var CHAINS = {
@@ -30415,165 +30411,33 @@ var ERC20_ABI = [
   "event Approval(address indexed owner, address indexed spender, uint256 value)"
 ];
 
-// src/verify/index.ts
-var TRANSFER_EVENT_TOPIC = ethers.id("Transfer(address,address,uint256)");
-async function verifyPayment(params) {
-  const { txHash, expectedAmount, expectedTo } = params;
-  let chain2;
-  try {
-    if (typeof params.chain === "number") {
-      chain2 = getChainById(params.chain);
-    } else {
-      chain2 = getChain(params.chain || "base");
-    }
-    if (!chain2) {
-      return { verified: false, error: `Unsupported chain: ${params.chain}` };
-    }
-  } catch (e) {
-    return { verified: false, error: `Unsupported chain: ${params.chain}` };
-  }
-  try {
-    const provider = new ethers.JsonRpcProvider(chain2.rpc);
-    const receipt = await provider.getTransactionReceipt(txHash);
-    if (!receipt) {
-      return { verified: false, error: "Transaction not found or not confirmed" };
-    }
-    if (receipt.status !== 1) {
-      return { verified: false, error: "Transaction failed" };
-    }
-    const usdcAddress = chain2.usdc?.toLowerCase();
-    if (!usdcAddress) {
-      return { verified: false, error: `Chain ${chain2.name} USDC address not configured` };
-    }
-    for (const log of receipt.logs) {
-      if (log.address.toLowerCase() !== usdcAddress) {
-        continue;
-      }
-      if (log.topics.length < 3 || log.topics[0] !== TRANSFER_EVENT_TOPIC) {
-        continue;
-      }
-      const from = "0x" + log.topics[1].slice(-40);
-      const to = "0x" + log.topics[2].slice(-40);
-      const amountRaw = BigInt(log.data);
-      const amount = Number(amountRaw) / 1e6;
-      if (expectedTo && to.toLowerCase() !== expectedTo.toLowerCase()) {
-        continue;
-      }
-      if (amount < expectedAmount) {
-        return {
-          verified: false,
-          error: `Insufficient amount: received ${amount} USDC, expected ${expectedAmount} USDC`,
-          amount,
-          from,
-          to,
-          txHash,
-          blockNumber: receipt.blockNumber
-        };
-      }
-      return {
-        verified: true,
-        amount,
-        from,
-        to,
-        txHash,
-        blockNumber: receipt.blockNumber
-      };
-    }
-    return { verified: false, error: "No USDC transfer found" };
-  } catch (e) {
-    return { verified: false, error: e.message || String(e) };
-  }
-}
-async function getTransactionStatus(txHash, chain2 = "base") {
-  let chainConfig;
-  try {
-    chainConfig = typeof chain2 === "number" ? getChainById(chain2) : getChain(chain2);
-    if (!chainConfig) return { status: "not_found" };
-  } catch {
-    return { status: "not_found" };
-  }
-  try {
-    const provider = new ethers.JsonRpcProvider(chainConfig.rpc);
-    const receipt = await provider.getTransactionReceipt(txHash);
-    if (!receipt) {
-      const tx = await provider.getTransaction(txHash);
-      if (tx) {
-        return { status: "pending" };
-      }
-      return { status: "not_found" };
-    }
-    const currentBlock = await provider.getBlockNumber();
-    const confirmations = currentBlock - receipt.blockNumber;
-    if (receipt.status === 1) {
-      return {
-        status: "confirmed",
-        blockNumber: receipt.blockNumber,
-        confirmations
-      };
-    } else {
-      return {
-        status: "failed",
-        blockNumber: receipt.blockNumber
-      };
-    }
-  } catch {
-    return { status: "not_found" };
-  }
-}
-async function waitForTransaction(txHash, chain2 = "base", confirmations = 1, timeoutMs = 6e4) {
-  let chainConfig;
-  try {
-    chainConfig = typeof chain2 === "number" ? getChainById(chain2) : getChain(chain2);
-    if (!chainConfig) {
-      return { verified: false, confirmed: false, error: `Unsupported chain: ${chain2}` };
-    }
-  } catch (e) {
-    return { verified: false, confirmed: false, error: `Unsupported chain: ${chain2}` };
-  }
-  const provider = new ethers.JsonRpcProvider(chainConfig.rpc);
-  try {
-    const receipt = await provider.waitForTransaction(txHash, confirmations, timeoutMs);
-    if (!receipt) {
-      return { verified: false, confirmed: false, error: "Timeout waiting" };
-    }
-    if (receipt.status !== 1) {
-      return { verified: false, confirmed: true, error: "Transaction failed" };
-    }
-    return {
-      verified: true,
-      confirmed: true,
-      txHash,
-      blockNumber: receipt.blockNumber
-    };
-  } catch (e) {
-    return { verified: false, confirmed: false, error: e.message || String(e) };
-  }
-}
-
 // src/server/types.ts
 init_esm_shims();
 
 // src/server/index.ts
-function generateChargeId() {
-  return "ch_" + Math.random().toString(36).substring(2, 15);
-}
+var X402_VERSION = 2;
+var PAYMENT_REQUIRED_HEADER = "x-payment-required";
+var PAYMENT_HEADER = "x-payment";
+var PAYMENT_RESPONSE_HEADER = "x-payment-response";
+var DEFAULT_FACILITATOR_URL = "https://x402.org/facilitator";
 var MoltsPayServer = class {
   manifest;
   skills = /* @__PURE__ */ new Map();
-  charges = /* @__PURE__ */ new Map();
   options;
+  facilitatorUrl;
   constructor(servicesPath, options = {}) {
     const content = readFileSync(servicesPath, "utf-8");
     this.manifest = JSON.parse(content);
     this.options = {
       port: options.port || 3e3,
-      host: options.host || "0.0.0.0",
-      chargeExpirySecs: options.chargeExpirySecs || 300
-      // 5 minutes
+      host: options.host || "0.0.0.0"
     };
+    this.facilitatorUrl = options.facilitatorUrl || DEFAULT_FACILITATOR_URL;
     console.log(`[MoltsPay] Loaded ${this.manifest.services.length} services from ${servicesPath}`);
     console.log(`[MoltsPay] Provider: ${this.manifest.provider.name}`);
-    console.log(`[MoltsPay] Wallet: ${this.manifest.provider.wallet}`);
+    console.log(`[MoltsPay] Receive wallet: ${this.manifest.provider.wallet}`);
+    console.log(`[MoltsPay] Facilitator: ${this.facilitatorUrl}`);
+    console.log(`[MoltsPay] Protocol: x402 (gasless for both client AND server)`);
   }
   /**
    * Register a skill handler for a service
@@ -30583,56 +30447,45 @@ var MoltsPayServer = class {
     if (!config) {
       throw new Error(`Service '${serviceId}' not found in manifest`);
     }
-    this.skills.set(serviceId, {
-      id: serviceId,
-      config,
-      handler
-    });
-    console.log(`[MoltsPay] Registered skill: ${serviceId} ($${config.price} ${config.currency})`);
+    this.skills.set(serviceId, { id: serviceId, config, handler });
     return this;
   }
   /**
-   * Start the server
+   * Start HTTP server
    */
   listen(port) {
-    const p = port || this.options.port;
+    const p = port || this.options.port || 3e3;
+    const host = this.options.host || "0.0.0.0";
     const server = createServer((req, res) => this.handleRequest(req, res));
-    server.listen(p, this.options.host, () => {
-      console.log(`[MoltsPay] Server listening on http://${this.options.host}:${p}`);
+    server.listen(p, host, () => {
+      console.log(`[MoltsPay] Server listening on http://${host}:${p}`);
       console.log(`[MoltsPay] Endpoints:`);
-      console.log(`  GET  /services  - List available services`);
-      console.log(`  POST /pay       - Create payment & execute service`);
-      console.log(`  POST /verify    - Verify payment & get result`);
-      console.log(`  GET  /status/:id - Check charge status`);
+      console.log(`  GET  /services     - List available services`);
+      console.log(`  POST /execute      - Execute service (x402 payment)`);
     });
   }
+  /**
+   * Handle incoming request
+   */
   async handleRequest(req, res) {
-    const url = new URL(req.url || "/", `http://${req.headers.host}`);
-    const path3 = url.pathname;
-    const method = req.method || "GET";
     res.setHeader("Access-Control-Allow-Origin", "*");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
-    if (method === "OPTIONS") {
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, X-Payment");
+    res.setHeader("Access-Control-Expose-Headers", "X-Payment-Required, X-Payment-Response");
+    if (req.method === "OPTIONS") {
       res.writeHead(204);
       res.end();
       return;
     }
     try {
-      if (method === "GET" && path3 === "/services") {
+      const url = new URL(req.url || "/", `http://${req.headers.host}`);
+      if (url.pathname === "/services" && req.method === "GET") {
         return this.handleGetServices(res);
       }
-      if (method === "POST" && path3 === "/pay") {
-        const body = await this.readBody(req);
-        return this.handlePay(body, res);
-      }
-      if (method === "POST" && path3 === "/verify") {
+      if (url.pathname === "/execute" && req.method === "POST") {
         const body = await this.readBody(req);
-        return this.handleVerify(body, res);
-      }
-      if (method === "GET" && path3.startsWith("/status/")) {
-        const chargeId = path3.replace("/status/", "");
-        return this.handleStatus(chargeId, res);
+        const paymentHeader = req.headers[PAYMENT_HEADER];
+        return await this.handleExecute(body, paymentHeader, res);
       }
       this.sendJson(res, 404, { error: "Not found" });
     } catch (err) {
@@ -30644,6 +30497,7 @@ var MoltsPayServer = class {
    * GET /services - List available services
    */
   handleGetServices(res) {
+    const chain2 = getChain(this.manifest.provider.chain);
     const services = this.manifest.services.map((s) => ({
       id: s.id,
       name: s.name,
@@ -30656,14 +30510,21 @@ var MoltsPayServer = class {
     }));
     this.sendJson(res, 200, {
       provider: this.manifest.provider,
-      services
+      services,
+      x402: {
+        version: X402_VERSION,
+        network: `eip155:${chain2.chainId}`,
+        schemes: ["exact"],
+        facilitator: this.facilitatorUrl
+      }
     });
   }
   /**
-   * POST /pay - Create payment request
+   * POST /execute - Execute service with x402 payment
    * Body: { service: string, params: object }
+   * Header: X-Payment (optional - if missing, returns 402)
    */
-  handlePay(body, res) {
+  async handleExecute(body, paymentHeader, res) {
     const { service, params } = body;
     if (!service) {
       return this.sendJson(res, 400, { error: "Missing service" });
@@ -30677,113 +30538,162 @@ var MoltsPayServer = class {
         return this.sendJson(res, 400, { error: `Missing required param: ${key}` });
       }
     }
-    const chargeId = generateChargeId();
-    const now = Date.now();
-    const charge = {
-      id: chargeId,
-      service,
-      params: params || {},
-      amount: skill.config.price,
-      currency: skill.config.currency,
-      status: "pending",
-      createdAt: now,
-      expiresAt: now + this.options.chargeExpirySecs * 1e3
-    };
-    this.charges.set(chargeId, charge);
-    const paymentRequest = {
-      chargeId,
-      service,
-      amount: charge.amount,
-      currency: charge.currency,
-      wallet: this.manifest.provider.wallet,
-      chain: this.manifest.provider.chain,
-      expiresAt: charge.expiresAt
-    };
-    this.sendJson(res, 402, {
-      message: "Payment required",
-      payment: paymentRequest
+    if (!paymentHeader) {
+      return this.sendPaymentRequired(skill.config, res);
+    }
+    let payment;
+    try {
+      const decoded = Buffer.from(paymentHeader, "base64").toString("utf-8");
+      payment = JSON.parse(decoded);
+    } catch {
+      return this.sendJson(res, 400, { error: "Invalid X-Payment header" });
+    }
+    const validation = this.validatePayment(payment, skill.config);
+    if (!validation.valid) {
+      return this.sendJson(res, 402, { error: validation.error });
+    }
+    console.log(`[MoltsPay] Verifying payment with facilitator...`);
+    const verifyResult = await this.verifyWithFacilitator(payment, skill.config);
+    if (!verifyResult.valid) {
+      return this.sendJson(res, 402, { error: `Payment verification failed: ${verifyResult.error}` });
+    }
+    console.log(`[MoltsPay] Executing skill: ${service}`);
+    let result;
+    try {
+      result = await skill.handler(params || {});
+    } catch (err) {
+      console.error("[MoltsPay] Skill execution failed:", err.message);
+      return this.sendJson(res, 500, {
+        error: "Service execution failed",
+        message: err.message
+      });
+    }
+    console.log(`[MoltsPay] Skill succeeded, settling payment...`);
+    let settlement = null;
+    try {
+      settlement = await this.settleWithFacilitator(payment, skill.config);
+      console.log(`[MoltsPay] Payment settled: ${settlement.transaction || "pending"}`);
+    } catch (err) {
+      console.error("[MoltsPay] Settlement failed:", err.message);
+    }
+    const responseHeaders = {};
+    if (settlement) {
+      const responsePayload = {
+        success: true,
+        transaction: settlement.transaction,
+        network: payment.network
+      };
+      responseHeaders[PAYMENT_RESPONSE_HEADER] = Buffer.from(
+        JSON.stringify(responsePayload)
+      ).toString("base64");
+    }
+    this.sendJson(res, 200, {
+      success: true,
+      result,
+      payment: settlement ? { transaction: settlement.transaction, status: "settled" } : { status: "pending" }
+    }, responseHeaders);
+  }
+  /**
+   * Return 402 with x402 payment requirements
+   */
+  sendPaymentRequired(config, res) {
+    const chain2 = getChain(this.manifest.provider.chain);
+    const amountInUnits = Math.floor(config.price * 1e6).toString();
+    const requirements = [{
+      scheme: "exact",
+      network: `eip155:${chain2.chainId}`,
+      maxAmountRequired: amountInUnits,
+      resource: this.manifest.provider.wallet,
+      description: `${config.name} - $${config.price} ${config.currency}`,
+      // Include facilitator info for client
+      extra: JSON.stringify({ facilitator: this.facilitatorUrl })
+    }];
+    const encoded = Buffer.from(JSON.stringify(requirements)).toString("base64");
+    res.writeHead(402, {
+      "Content-Type": "application/json",
+      [PAYMENT_REQUIRED_HEADER]: encoded
     });
+    res.end(JSON.stringify({
+      error: "Payment required",
+      message: `Service requires $${config.price} ${config.currency}`,
+      x402: requirements[0]
+    }, null, 2));
   }
   /**
-   * POST /verify - Verify payment and execute skill
-   * Body: { chargeId: string, txHash: string }
+   * Basic payment validation (before calling facilitator)
    */
-  async handleVerify(body, res) {
-    const { chargeId, txHash } = body;
-    if (!chargeId || !txHash) {
-      return this.sendJson(res, 400, { error: "Missing chargeId or txHash" });
+  validatePayment(payment, config) {
+    if (payment.x402Version !== X402_VERSION) {
+      return { valid: false, error: `Unsupported x402 version: ${payment.x402Version}` };
     }
-    const charge = this.charges.get(chargeId);
-    if (!charge) {
-      return this.sendJson(res, 404, { error: "Charge not found" });
+    if (payment.scheme !== "exact") {
+      return { valid: false, error: `Unsupported scheme: ${payment.scheme}` };
     }
-    if (Date.now() > charge.expiresAt) {
-      charge.status = "expired";
-      return this.sendJson(res, 400, { error: "Charge expired" });
-    }
-    if (charge.status === "completed") {
-      return this.sendJson(res, 200, {
-        status: "completed",
-        result: charge.result
-      });
+    const chain2 = getChain(this.manifest.provider.chain);
+    const expectedNetwork = `eip155:${chain2.chainId}`;
+    if (payment.network !== expectedNetwork) {
+      return { valid: false, error: `Network mismatch: expected ${expectedNetwork}` };
     }
+    return { valid: true };
+  }
+  /**
+   * Verify payment with facilitator
+   */
+  async verifyWithFacilitator(payment, config) {
     try {
-      const verification = await verifyPayment({
-        txHash,
-        expectedTo: this.manifest.provider.wallet,
-        expectedAmount: charge.amount,
-        chain: this.manifest.provider.chain
+      const chain2 = getChain(this.manifest.provider.chain);
+      const amountInUnits = Math.floor(config.price * 1e6).toString();
+      const requirements = {
+        scheme: "exact",
+        network: `eip155:${chain2.chainId}`,
+        maxAmountRequired: amountInUnits,
+        resource: this.manifest.provider.wallet
+      };
+      const response = await fetch(`${this.facilitatorUrl}/verify`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          paymentPayload: payment,
+          paymentRequirements: requirements
+        })
       });
-      if (!verification.verified) {
-        charge.status = "failed";
-        return this.sendJson(res, 400, {
-          error: "Payment verification failed",
-          reason: verification.error
-        });
+      const result = await response.json();
+      if (!response.ok || !result.isValid) {
+        return { valid: false, error: result.invalidReason || "Verification failed" };
       }
-      charge.status = "paid";
-      charge.txHash = txHash;
-      charge.paidAt = Date.now();
-      const skill = this.skills.get(charge.service);
-      console.log(`[MoltsPay] Executing skill: ${charge.service}`);
-      const result = await skill.handler(charge.params);
-      charge.status = "completed";
-      charge.result = result;
-      charge.completedAt = Date.now();
-      this.sendJson(res, 200, {
-        status: "completed",
-        chargeId,
-        txHash,
-        result
-      });
+      return { valid: true };
     } catch (err) {
-      console.error("[MoltsPay] Skill execution error:", err);
-      charge.status = "failed";
-      this.sendJson(res, 500, {
-        error: "Skill execution failed",
-        message: err.message
-      });
+      return { valid: false, error: `Facilitator error: ${err.message}` };
     }
   }
   /**
-   * GET /status/:chargeId - Check charge status
+   * Settle payment with facilitator (execute on-chain transfer)
    */
-  handleStatus(chargeId, res) {
-    const charge = this.charges.get(chargeId);
-    if (!charge) {
-      return this.sendJson(res, 404, { error: "Charge not found" });
-    }
-    this.sendJson(res, 200, {
-      chargeId: charge.id,
-      service: charge.service,
-      amount: charge.amount,
-      currency: charge.currency,
-      status: charge.status,
-      txHash: charge.txHash,
-      result: charge.status === "completed" ? charge.result : void 0,
-      createdAt: charge.createdAt,
-      expiresAt: charge.expiresAt
+  async settleWithFacilitator(payment, config) {
+    const chain2 = getChain(this.manifest.provider.chain);
+    const amountInUnits = Math.floor(config.price * 1e6).toString();
+    const requirements = {
+      scheme: "exact",
+      network: `eip155:${chain2.chainId}`,
+      maxAmountRequired: amountInUnits,
+      resource: this.manifest.provider.wallet
+    };
+    const response = await fetch(`${this.facilitatorUrl}/settle`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        paymentPayload: payment,
+        paymentRequirements: requirements
+      })
     });
+    const result = await response.json();
+    if (!response.ok) {
+      throw new Error(result.error || "Settlement failed");
+    }
+    return {
+      transaction: result.transaction,
+      status: result.status || "settled"
+    };
   }
   async readBody(req) {
     return new Promise((resolve, reject) => {
@@ -30799,8 +30709,12 @@ var MoltsPayServer = class {
       req.on("error", reject);
     });
   }
-  sendJson(res, status, data) {
-    res.writeHead(status, { "Content-Type": "application/json" });
+  sendJson(res, status, data, extraHeaders) {
+    const headers = { "Content-Type": "application/json" };
+    if (extraHeaders) {
+      Object.assign(headers, extraHeaders);
+    }
+    res.writeHead(status, headers);
     res.end(JSON.stringify(data, null, 2));
   }
 };
@@ -30810,12 +30724,15 @@ init_esm_shims();
 import { existsSync, readFileSync as readFileSync2, writeFileSync, mkdirSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
-import { Wallet } from "ethers";
+import { Wallet, ethers } from "ethers";
 
 // src/client/types.ts
 init_esm_shims();
 
 // src/client/index.ts
+var X402_VERSION2 = 2;
+var PAYMENT_REQUIRED_HEADER2 = "x-payment-required";
+var PAYMENT_HEADER2 = "x-payment";
 var DEFAULT_CONFIG = {
   chain: "base",
   limits: {
@@ -30879,43 +30796,112 @@ var MoltsPayClient = class {
     return res.json();
   }
   /**
-   * Pay for a service and get the result
+   * Pay for a service and get the result (x402 protocol)
+   * 
+   * This is GASLESS for the client - server pays gas to claim payment.
+   * This is PAY-FOR-SUCCESS - payment only claimed if service succeeds.
    */
   async pay(serverUrl, service, params) {
-    if (!this.wallet) {
+    if (!this.wallet || !this.walletData) {
       throw new Error("Client not initialized. Run: npx moltspay init");
     }
-    const payRes = await fetch(`${serverUrl}/pay`, {
+    console.log(`[MoltsPay] Requesting service: ${service}`);
+    const initialRes = await fetch(`${serverUrl}/execute`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ service, params })
     });
-    if (payRes.status !== 402) {
-      const err = await payRes.json();
-      throw new Error(err.error || "Unexpected response");
+    if (initialRes.status !== 402) {
+      const data = await initialRes.json();
+      if (initialRes.ok && data.result) {
+        return data.result;
+      }
+      throw new Error(data.error || "Unexpected response");
+    }
+    const paymentRequiredHeader = initialRes.headers.get(PAYMENT_REQUIRED_HEADER2);
+    if (!paymentRequiredHeader) {
+      throw new Error("Missing x-payment-required header");
+    }
+    let requirements;
+    try {
+      const decoded = Buffer.from(paymentRequiredHeader, "base64").toString("utf-8");
+      requirements = JSON.parse(decoded);
+      if (!Array.isArray(requirements)) {
+        requirements = [requirements];
+      }
+    } catch {
+      throw new Error("Invalid x-payment-required header");
     }
-    const paymentReq = await payRes.json();
-    const { payment } = paymentReq;
-    this.checkLimits(payment.amount);
-    console.log(`[MoltsPay] Paying $${payment.amount} ${payment.currency} to ${payment.wallet}`);
-    const txHash = await this.executePayment(payment);
-    console.log(`[MoltsPay] Payment tx: ${txHash}`);
-    const verifyRes = await fetch(`${serverUrl}/verify`, {
+    const chain2 = getChain(this.config.chain);
+    const network = `eip155:${chain2.chainId}`;
+    const req = requirements.find((r) => r.scheme === "exact" && r.network === network);
+    if (!req) {
+      throw new Error(`No matching payment option for ${network}`);
+    }
+    const amount = Number(req.maxAmountRequired) / 1e6;
+    this.checkLimits(amount);
+    console.log(`[MoltsPay] Signing payment: $${amount} USDC (gasless)`);
+    const authorization = await this.signEIP3009(req.resource, amount, chain2);
+    const payload = {
+      x402Version: X402_VERSION2,
+      scheme: "exact",
+      network,
+      payload: authorization
+    };
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    console.log(`[MoltsPay] Sending request with payment...`);
+    const paidRes = await fetch(`${serverUrl}/execute`, {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        chargeId: payment.chargeId,
-        txHash
-      })
+      headers: {
+        "Content-Type": "application/json",
+        [PAYMENT_HEADER2]: paymentHeader
+      },
+      body: JSON.stringify({ service, params })
     });
-    if (!verifyRes.ok) {
-      const err = await verifyRes.json();
-      throw new Error(err.error || "Verification failed");
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "Service execution failed");
     }
-    const result = await verifyRes.json();
-    this.recordSpending(payment.amount);
+    this.recordSpending(amount);
+    console.log(`[MoltsPay] Success! Payment: ${result.payment?.status || "claimed"}`);
     return result.result;
   }
+  /**
+   * Sign EIP-3009 transferWithAuthorization (GASLESS)
+   * This only signs - no on-chain transaction, no gas needed.
+   */
+  async signEIP3009(to, amount, chain2) {
+    const validAfter = 0;
+    const validBefore = Math.floor(Date.now() / 1e3) + 3600;
+    const nonce = ethers.hexlify(ethers.randomBytes(32));
+    const value = BigInt(Math.floor(amount * 1e6)).toString();
+    const authorization = {
+      from: this.wallet.address,
+      to,
+      value,
+      validAfter: validAfter.toString(),
+      validBefore: validBefore.toString(),
+      nonce
+    };
+    const domain = {
+      name: "USD Coin",
+      version: "2",
+      chainId: chain2.chainId,
+      verifyingContract: chain2.usdc
+    };
+    const types = {
+      TransferWithAuthorization: [
+        { name: "from", type: "address" },
+        { name: "to", type: "address" },
+        { name: "value", type: "uint256" },
+        { name: "validAfter", type: "uint256" },
+        { name: "validBefore", type: "uint256" },
+        { name: "nonce", type: "bytes32" }
+      ]
+    };
+    const signature = await this.wallet.signTypedData(domain, types, authorization);
+    return { authorization, signature };
+  }
   /**
    * Check spending limits
    */
@@ -30942,36 +30928,6 @@ var MoltsPayClient = class {
   recordSpending(amount) {
     this.todaySpending += amount;
   }
-  /**
-   * Execute payment on-chain
-   */
-  async executePayment(payment) {
-    let chain2;
-    try {
-      chain2 = getChain(payment.chain);
-    } catch {
-      throw new Error(`Unknown chain: ${payment.chain}`);
-    }
-    const { ethers: ethers4 } = await import("ethers");
-    const provider = new ethers4.JsonRpcProvider(chain2.rpc);
-    const signer = new ethers4.Wallet(this.walletData.privateKey, provider);
-    const usdcAddress = chain2.usdc;
-    const usdcAbi = [
-      "function transfer(address to, uint256 amount) returns (bool)",
-      "function balanceOf(address account) view returns (uint256)"
-    ];
-    const usdc = new ethers4.Contract(usdcAddress, usdcAbi, signer);
-    const amountInUnits = ethers4.parseUnits(payment.amount.toString(), 6);
-    const balance = await usdc.balanceOf(this.wallet.address);
-    if (balance < amountInUnits) {
-      throw new Error(
-        `Insufficient USDC balance: ${ethers4.formatUnits(balance, 6)} < ${payment.amount}`
-      );
-    }
-    const tx = await usdc.transfer(payment.wallet, amountInUnits);
-    const receipt = await tx.wait();
-    return receipt.hash;
-  }
   // --- Config & Wallet Management ---
   loadConfig() {
     const configPath = join(this.configDir, "config.json");
@@ -31031,15 +30987,14 @@ var MoltsPayClient = class {
     } catch {
       throw new Error(`Unknown chain: ${this.config.chain}`);
     }
-    const { ethers: ethers4 } = await import("ethers");
-    const provider = new ethers4.JsonRpcProvider(chain2.rpc);
+    const provider = new ethers.JsonRpcProvider(chain2.rpc);
     const nativeBalance = await provider.getBalance(this.wallet.address);
     const usdcAbi = ["function balanceOf(address) view returns (uint256)"];
-    const usdc = new ethers4.Contract(chain2.usdc, usdcAbi, provider);
+    const usdc = new ethers.Contract(chain2.usdc, usdcAbi, provider);
     const usdcBalance = await usdc.balanceOf(this.wallet.address);
     return {
-      usdc: parseFloat(ethers4.formatUnits(usdcBalance, 6)),
-      native: parseFloat(ethers4.formatEther(nativeBalance))
+      usdc: parseFloat(ethers.formatUnits(usdcBalance, 6)),
+      native: parseFloat(ethers.formatEther(nativeBalance))
     };
   }
 };
@@ -31169,6 +31124,143 @@ function walletExists(storagePath) {
   return existsSync2(path3);
 }
 
+// src/verify/index.ts
+init_esm_shims();
+import { ethers as ethers4 } from "ethers";
+var TRANSFER_EVENT_TOPIC = ethers4.id("Transfer(address,address,uint256)");
+async function verifyPayment(params) {
+  const { txHash, expectedAmount, expectedTo } = params;
+  let chain2;
+  try {
+    if (typeof params.chain === "number") {
+      chain2 = getChainById(params.chain);
+    } else {
+      chain2 = getChain(params.chain || "base");
+    }
+    if (!chain2) {
+      return { verified: false, error: `Unsupported chain: ${params.chain}` };
+    }
+  } catch (e) {
+    return { verified: false, error: `Unsupported chain: ${params.chain}` };
+  }
+  try {
+    const provider = new ethers4.JsonRpcProvider(chain2.rpc);
+    const receipt = await provider.getTransactionReceipt(txHash);
+    if (!receipt) {
+      return { verified: false, error: "Transaction not found or not confirmed" };
+    }
+    if (receipt.status !== 1) {
+      return { verified: false, error: "Transaction failed" };
+    }
+    const usdcAddress = chain2.usdc?.toLowerCase();
+    if (!usdcAddress) {
+      return { verified: false, error: `Chain ${chain2.name} USDC address not configured` };
+    }
+    for (const log of receipt.logs) {
+      if (log.address.toLowerCase() !== usdcAddress) {
+        continue;
+      }
+      if (log.topics.length < 3 || log.topics[0] !== TRANSFER_EVENT_TOPIC) {
+        continue;
+      }
+      const from = "0x" + log.topics[1].slice(-40);
+      const to = "0x" + log.topics[2].slice(-40);
+      const amountRaw = BigInt(log.data);
+      const amount = Number(amountRaw) / 1e6;
+      if (expectedTo && to.toLowerCase() !== expectedTo.toLowerCase()) {
+        continue;
+      }
+      if (amount < expectedAmount) {
+        return {
+          verified: false,
+          error: `Insufficient amount: received ${amount} USDC, expected ${expectedAmount} USDC`,
+          amount,
+          from,
+          to,
+          txHash,
+          blockNumber: receipt.blockNumber
+        };
+      }
+      return {
+        verified: true,
+        amount,
+        from,
+        to,
+        txHash,
+        blockNumber: receipt.blockNumber
+      };
+    }
+    return { verified: false, error: "No USDC transfer found" };
+  } catch (e) {
+    return { verified: false, error: e.message || String(e) };
+  }
+}
+async function getTransactionStatus(txHash, chain2 = "base") {
+  let chainConfig;
+  try {
+    chainConfig = typeof chain2 === "number" ? getChainById(chain2) : getChain(chain2);
+    if (!chainConfig) return { status: "not_found" };
+  } catch {
+    return { status: "not_found" };
+  }
+  try {
+    const provider = new ethers4.JsonRpcProvider(chainConfig.rpc);
+    const receipt = await provider.getTransactionReceipt(txHash);
+    if (!receipt) {
+      const tx = await provider.getTransaction(txHash);
+      if (tx) {
+        return { status: "pending" };
+      }
+      return { status: "not_found" };
+    }
+    const currentBlock = await provider.getBlockNumber();
+    const confirmations = currentBlock - receipt.blockNumber;
+    if (receipt.status === 1) {
+      return {
+        status: "confirmed",
+        blockNumber: receipt.blockNumber,
+        confirmations
+      };
+    } else {
+      return {
+        status: "failed",
+        blockNumber: receipt.blockNumber
+      };
+    }
+  } catch {
+    return { status: "not_found" };
+  }
+}
+async function waitForTransaction(txHash, chain2 = "base", confirmations = 1, timeoutMs = 6e4) {
+  let chainConfig;
+  try {
+    chainConfig = typeof chain2 === "number" ? getChainById(chain2) : getChain(chain2);
+    if (!chainConfig) {
+      return { verified: false, confirmed: false, error: `Unsupported chain: ${chain2}` };
+    }
+  } catch (e) {
+    return { verified: false, confirmed: false, error: `Unsupported chain: ${chain2}` };
+  }
+  const provider = new ethers4.JsonRpcProvider(chainConfig.rpc);
+  try {
+    const receipt = await provider.waitForTransaction(txHash, confirmations, timeoutMs);
+    if (!receipt) {
+      return { verified: false, confirmed: false, error: "Timeout waiting" };
+    }
+    if (receipt.status !== 1) {
+      return { verified: false, confirmed: true, error: "Transaction failed" };
+    }
+    return {
+      verified: true,
+      confirmed: true,
+      txHash,
+      blockNumber: receipt.blockNumber
+    };
+  } catch (e) {
+    return { verified: false, confirmed: false, error: e.message || String(e) };
+  }
+}
+
 // src/cdp/index.ts
 init_esm_shims();
 import * as fs from "fs";
@@ -31290,9 +31382,9 @@ var CDPWallet = class {
    * Get USDC balance
    */
   async getBalance() {
-    const { ethers: ethers4 } = await import("ethers");
-    const provider = new ethers4.JsonRpcProvider(this.chainConfig.rpc);
-    const usdcContract = new ethers4.Contract(
+    const { ethers: ethers5 } = await import("ethers");
+    const provider = new ethers5.JsonRpcProvider(this.chainConfig.rpc);
+    const usdcContract = new ethers5.Contract(
       this.chainConfig.usdc,
       ["function balanceOf(address) view returns (uint256)"],
       provider
@@ -31303,7 +31395,7 @@ var CDPWallet = class {
     ]);
     return {
       usdc: (Number(usdcBalance) / 1e6).toFixed(2),
-      eth: ethers4.formatEther(ethBalance)
+      eth: ethers5.formatEther(ethBalance)
     };
   }
   /**
@@ -31321,7 +31413,7 @@ var CDPWallet = class {
     }
     try {
       const { CdpClient } = await import("@coinbase/cdp-sdk");
-      const { ethers: ethers4 } = await import("ethers");
+      const { ethers: ethers5 } = await import("ethers");
       const cdp = new CdpClient({
         apiKeyId: creds.apiKeyId,
         apiKeySecret: creds.apiKeySecret,
@@ -31329,7 +31421,7 @@ var CDPWallet = class {
       });
       const account = await cdp.evm.getAccount({ address: this.address });
       const amountWei = BigInt(Math.floor(params.amount * 1e6));
-      const iface = new ethers4.Interface([
+      const iface = new ethers5.Interface([
         "function transfer(address to, uint256 amount) returns (bool)"
       ]);
       const callData = iface.encodeFunctionData("transfer", [params.to, amountWei]);