moltspay 1.2.1 → 1.4.0

package/dist/client/index.mjs

@@ -1,7 +1,7 @@
 // src/client/index.ts
-import { existsSync, readFileSync, writeFileSync, mkdirSync, statSync, chmodSync } from "fs";
-import { homedir } from "os";
-import { join } from "path";
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, statSync, chmodSync } from "fs";
+import { homedir as homedir2 } from "os";
+import { join as join2 } from "path";
 import { Wallet, ethers } from "ethers";
 
 // src/chains/index.ts
@@ -82,6 +82,92 @@ var CHAINS = {
     explorer: "https://sepolia.basescan.org/address/",
     explorerTx: "https://sepolia.basescan.org/tx/",
     avgBlockTime: 2
+  },
+  // ============ Tempo Testnet (Moderato) ============
+  tempo_moderato: {
+    name: "Tempo Moderato",
+    chainId: 42431,
+    rpc: "https://rpc.moderato.tempo.xyz",
+    tokens: {
+      // TIP-20 stablecoins on Tempo testnet (from mppx SDK)
+      // Note: Tempo uses USD as native gas token, not ETH
+      USDC: {
+        address: "0x20c0000000000000000000000000000000000000",
+        // pathUSD - primary testnet stablecoin
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "pathUSD"
+      },
+      USDT: {
+        address: "0x20c0000000000000000000000000000000000001",
+        // alphaUSD
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "alphaUSD"
+      }
+    },
+    usdc: "0x20c0000000000000000000000000000000000000",
+    explorer: "https://explore.testnet.tempo.xyz/address/",
+    explorerTx: "https://explore.testnet.tempo.xyz/tx/",
+    avgBlockTime: 0.5
+    // ~500ms finality
+  },
+  // ============ BNB Chain Testnet ============
+  bnb_testnet: {
+    name: "BNB Testnet",
+    chainId: 97,
+    rpc: "https://data-seed-prebsc-1-s1.binance.org:8545",
+    tokens: {
+      // Note: BNB uses 18 decimals for stablecoins (unlike Base/Polygon which use 6)
+      // Using official Binance-Peg testnet tokens
+      USDC: {
+        address: "0x64544969ed7EBf5f083679233325356EbE738930",
+        // Testnet USDC
+        decimals: 18,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0x337610d27c682E347C9cD60BD4b3b107C9d34dDd",
+        // Testnet USDT
+        decimals: 18,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x64544969ed7EBf5f083679233325356EbE738930",
+    explorer: "https://testnet.bscscan.com/address/",
+    explorerTx: "https://testnet.bscscan.com/tx/",
+    avgBlockTime: 3,
+    // BNB-specific: requires approval for pay-for-success flow
+    requiresApproval: true
+  },
+  // ============ BNB Chain Mainnet ============
+  bnb: {
+    name: "BNB Smart Chain",
+    chainId: 56,
+    rpc: "https://bsc-dataseed.binance.org",
+    tokens: {
+      // Note: BNB uses 18 decimals for stablecoins
+      USDC: {
+        address: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+        decimals: 18,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0x55d398326f99059fF775485246999027B3197955",
+        decimals: 18,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+    explorer: "https://bscscan.com/address/",
+    explorerTx: "https://bscscan.com/tx/",
+    avgBlockTime: 3,
+    // BNB-specific: requires approval for pay-for-success flow
+    requiresApproval: true
   }
 };
 function getChain(name) {
@@ -92,7 +178,129 @@ function getChain(name) {
   return config;
 }
 
+// src/wallet/solana.ts
+import { Keypair, PublicKey as PublicKey2, LAMPORTS_PER_SOL } from "@solana/web3.js";
+import { getAssociatedTokenAddress, getAccount } from "@solana/spl-token";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import bs58 from "bs58";
+
+// src/chains/solana.ts
+import { Connection, PublicKey } from "@solana/web3.js";
+var SOLANA_CHAINS = {
+  solana: {
+    name: "Solana Mainnet",
+    cluster: "mainnet-beta",
+    rpc: "https://api.mainnet-beta.solana.com",
+    explorer: "https://solscan.io/account/",
+    explorerTx: "https://solscan.io/tx/",
+    tokens: {
+      USDC: {
+        mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+        // Circle official USDC
+        decimals: 6
+      }
+    }
+  },
+  solana_devnet: {
+    name: "Solana Devnet",
+    cluster: "devnet",
+    rpc: "https://api.devnet.solana.com",
+    explorer: "https://solscan.io/account/",
+    explorerTx: "https://solscan.io/tx/",
+    tokens: {
+      USDC: {
+        // Circle's devnet USDC (if not available, we'll deploy our own test token)
+        mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",
+        decimals: 6
+      }
+    }
+  }
+};
+
+// src/wallet/solana.ts
+var DEFAULT_CONFIG_DIR = join(homedir(), ".moltspay");
+var SOLANA_WALLET_FILE = "wallet-solana.json";
+function getSolanaWalletPath(configDir = DEFAULT_CONFIG_DIR) {
+  return join(configDir, SOLANA_WALLET_FILE);
+}
+function loadSolanaWallet(configDir = DEFAULT_CONFIG_DIR) {
+  const walletPath = getSolanaWalletPath(configDir);
+  if (!existsSync(walletPath)) {
+    return null;
+  }
+  try {
+    const data = JSON.parse(readFileSync(walletPath, "utf-8"));
+    const secretKey = bs58.decode(data.secretKey);
+    return Keypair.fromSecretKey(secretKey);
+  } catch (error) {
+    console.error("Failed to load Solana wallet:", error);
+    return null;
+  }
+}
+
+// src/facilitators/solana.ts
+import {
+  Connection as Connection3,
+  PublicKey as PublicKey3,
+  Transaction,
+  VersionedTransaction
+} from "@solana/web3.js";
+import {
+  getAssociatedTokenAddress as getAssociatedTokenAddress2,
+  createTransferCheckedInstruction,
+  getAccount as getAccount2,
+  createAssociatedTokenAccountInstruction
+} from "@solana/spl-token";
+async function createSolanaPaymentTransaction(senderPubkey, recipientPubkey, amount, chain, feePayerPubkey) {
+  const chainConfig = SOLANA_CHAINS[chain];
+  const connection = new Connection3(chainConfig.rpc, "confirmed");
+  const mint = new PublicKey3(chainConfig.tokens.USDC.mint);
+  const actualFeePayer = feePayerPubkey || senderPubkey;
+  const senderATA = await getAssociatedTokenAddress2(mint, senderPubkey);
+  const recipientATA = await getAssociatedTokenAddress2(mint, recipientPubkey);
+  const transaction = new Transaction();
+  try {
+    await getAccount2(connection, recipientATA);
+  } catch {
+    transaction.add(
+      createAssociatedTokenAccountInstruction(
+        actualFeePayer,
+        // payer (fee payer in gasless mode)
+        recipientATA,
+        // ata to create
+        recipientPubkey,
+        // owner
+        mint
+        // mint
+      )
+    );
+  }
+  transaction.add(
+    createTransferCheckedInstruction(
+      senderATA,
+      // source
+      mint,
+      // mint
+      recipientATA,
+      // destination
+      senderPubkey,
+      // owner (sender still authorizes the transfer)
+      amount,
+      // amount
+      chainConfig.tokens.USDC.decimals
+      // decimals
+    )
+  );
+  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.feePayer = actualFeePayer;
+  return transaction;
+}
+
 // src/client/index.ts
+import { PublicKey as PublicKey4 } from "@solana/web3.js";
 var X402_VERSION = 2;
 var PAYMENT_REQUIRED_HEADER = "x-payment-required";
 var PAYMENT_HEADER = "x-payment";
@@ -111,7 +319,7 @@ var MoltsPayClient = class {
   todaySpending = 0;
   lastSpendingReset = 0;
   constructor(options = {}) {
-    this.configDir = options.configDir || join(homedir(), ".moltspay");
+    this.configDir = options.configDir || join2(homedir2(), ".moltspay");
     this.config = this.loadConfig();
     this.walletData = this.loadWallet();
     this.loadSpending();
@@ -131,6 +339,12 @@ var MoltsPayClient = class {
   get address() {
     return this.wallet?.address || null;
   }
+  /**
+   * Get wallet instance (for direct operations like approvals)
+   */
+  getWallet() {
+    return this.wallet;
+  }
   /**
    * Get current config
    */
@@ -200,9 +414,14 @@ var MoltsPayClient = class {
       }
       throw new Error(data.error || "Unexpected response");
     }
+    const wwwAuthHeader = initialRes.headers.get("www-authenticate");
     const paymentRequiredHeader = initialRes.headers.get(PAYMENT_REQUIRED_HEADER);
+    if (wwwAuthHeader && wwwAuthHeader.toLowerCase().includes("payment")) {
+      console.log("[MoltsPay] Detected MPP protocol, using Tempo flow...");
+      return await this.handleMPPPayment(serverUrl, service, params, wwwAuthHeader);
+    }
     if (!paymentRequiredHeader) {
-      throw new Error("Missing x-payment-required header");
+      throw new Error("Missing payment header (x-payment-required or www-authenticate)");
     }
     let requirements;
     try {
@@ -219,17 +438,22 @@ var MoltsPayClient = class {
       throw new Error("Invalid x-payment-required header");
     }
     const networkToChainName = (network2) => {
+      if (network2 === "solana:mainnet") return "solana";
+      if (network2 === "solana:devnet") return "solana_devnet";
       const match = network2.match(/^eip155:(\d+)$/);
       if (!match) return null;
       const chainId = parseInt(match[1]);
       if (chainId === 8453) return "base";
       if (chainId === 137) return "polygon";
       if (chainId === 84532) return "base_sepolia";
+      if (chainId === 42431) return "tempo_moderato";
+      if (chainId === 56) return "bnb";
+      if (chainId === 97) return "bnb_testnet";
       return null;
     };
     const serverChains = requirements.map((r) => networkToChainName(r.network)).filter((c) => c !== null);
-    let chainName;
     const userSpecifiedChain = options.chain;
+    let selectedChain;
     if (userSpecifiedChain) {
       if (!serverChains.includes(userSpecifiedChain)) {
         throw new Error(
@@ -237,17 +461,27 @@ var MoltsPayClient = class {
 Server accepts: ${serverChains.join(", ")}`
         );
       }
-      chainName = userSpecifiedChain;
+      selectedChain = userSpecifiedChain;
     } else {
       if (serverChains.length === 1 && serverChains[0] === "base") {
-        chainName = "base";
+        selectedChain = "base";
       } else {
         throw new Error(
           `Server accepts: ${serverChains.join(", ")}
-Please specify: --chain base, --chain polygon, or --chain base_sepolia`
+Please specify: --chain <chain_name>`
         );
       }
     }
+    if (selectedChain === "solana" || selectedChain === "solana_devnet") {
+      const solanaChain = selectedChain;
+      const network2 = solanaChain === "solana" ? "solana:mainnet" : "solana:devnet";
+      const req2 = requirements.find((r) => r.network === network2);
+      if (!req2) {
+        throw new Error(`Failed to find payment requirement for ${selectedChain}`);
+      }
+      return await this.handleSolanaPayment(serverUrl, service, params, req2, solanaChain);
+    }
+    const chainName = selectedChain;
     const chain = getChain(chainName);
     const network = `eip155:${chain.chainId}`;
     const req = requirements.find((r) => r.scheme === "exact" && r.network === network);
@@ -282,6 +516,25 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
     } else {
       console.log(`[MoltsPay] Signing payment: $${amount} ${token} (gasless)`);
     }
+    if (chainName === "bnb" || chainName === "bnb_testnet") {
+      console.log(`[MoltsPay] Using BNB intent-based payment flow...`);
+      const payTo2 = req.payTo || req.resource;
+      if (!payTo2) {
+        throw new Error("Missing payTo address in payment requirements");
+      }
+      const bnbSpender = req.extra?.bnbSpender;
+      if (!bnbSpender) {
+        throw new Error("Server did not provide bnbSpender address. Server may not support BNB payments.");
+      }
+      return await this.handleBNBPayment(serverUrl, service, params, {
+        to: payTo2,
+        amount,
+        token,
+        chainName,
+        chain,
+        spender: bnbSpender
+      });
+    }
     const payTo = req.payTo || req.resource;
     if (!payTo) {
       throw new Error("Missing payTo address in payment requirements");
@@ -331,6 +584,300 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
     console.log(`[MoltsPay] Success! Payment: ${result.payment?.status || "claimed"}`);
     return result.result;
   }
+  /**
+   * Handle MPP (Machine Payments Protocol) payment flow
+   * Called when pay() detects WWW-Authenticate header in 402 response
+   */
+  async handleMPPPayment(serverUrl, service, params, wwwAuthHeader) {
+    const { privateKeyToAccount } = await import("viem/accounts");
+    const { createWalletClient, createPublicClient, http } = await import("viem");
+    const { tempoModerato } = await import("viem/chains");
+    const { Actions } = await import("viem/tempo");
+    const privateKey = this.walletData.privateKey;
+    const account = privateKeyToAccount(privateKey);
+    console.log(`[MoltsPay] Using MPP protocol on Tempo`);
+    console.log(`[MoltsPay] Account: ${account.address}`);
+    const parseAuthParam = (header, key) => {
+      const match = header.match(new RegExp(`${key}="([^"]+)"`, "i"));
+      return match ? match[1] : null;
+    };
+    const challengeId = parseAuthParam(wwwAuthHeader, "id");
+    const method = parseAuthParam(wwwAuthHeader, "method");
+    const realm = parseAuthParam(wwwAuthHeader, "realm");
+    const requestB64 = parseAuthParam(wwwAuthHeader, "request");
+    if (method !== "tempo") {
+      throw new Error(`Unsupported payment method: ${method}`);
+    }
+    if (!requestB64) {
+      throw new Error("Missing request in WWW-Authenticate");
+    }
+    const requestJson = Buffer.from(requestB64, "base64").toString("utf-8");
+    const paymentRequest = JSON.parse(requestJson);
+    const { amount, currency, recipient, methodDetails } = paymentRequest;
+    const chainId = methodDetails?.chainId || 42431;
+    const amountDisplay = Number(amount) / 1e6;
+    console.log(`[MoltsPay] Payment: $${amountDisplay} to ${recipient}`);
+    this.checkLimits(amountDisplay);
+    console.log(`[MoltsPay] Sending transaction on Tempo...`);
+    const tempoChain = { ...tempoModerato, feeToken: currency };
+    const publicClient = createPublicClient({
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const walletClient = createWalletClient({
+      account,
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const txHash = await Actions.token.transfer(walletClient, {
+      to: recipient,
+      amount: BigInt(amount),
+      token: currency
+    });
+    console.log(`[MoltsPay] Transaction: ${txHash}`);
+    await publicClient.waitForTransactionReceipt({ hash: txHash });
+    console.log(`[MoltsPay] Confirmed! Retrying with credential...`);
+    const credential = {
+      challenge: {
+        id: challengeId,
+        realm,
+        method: "tempo",
+        intent: "charge",
+        request: paymentRequest
+      },
+      payload: { hash: txHash, type: "hash" },
+      source: `did:pkh:eip155:${chainId}:${account.address}`
+    };
+    const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    const paidRes = await fetch(`${serverUrl}/execute`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Payment ${credentialB64}`
+      },
+      body: JSON.stringify({ service, params, chain: "tempo_moderato" })
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "Payment verification failed");
+    }
+    this.recordSpending(amountDisplay);
+    console.log(`[MoltsPay] Success!`);
+    return result.result || result;
+  }
+  /**
+   * Handle BNB Chain payment flow (pre-approval + intent signature)
+   * 
+   * Flow:
+   * 1. Check client has approved server wallet (done via `moltspay init`)
+   * 2. Sign EIP-712 payment intent (no gas, just signature)
+   * 3. Send intent to server
+   * 4. Server executes service
+   * 5. Server calls transferFrom if successful (pay-for-success)
+   */
+  async handleBNBPayment(serverUrl, service, params, paymentDetails) {
+    const { to, amount, token, chainName, chain, spender } = paymentDetails;
+    const tokenConfig = chain.tokens[token];
+    const provider = new ethers.JsonRpcProvider(chain.rpc);
+    const allowance = await this.checkAllowance(tokenConfig.address, spender, provider);
+    const amountWeiCheck = BigInt(Math.floor(amount * 10 ** tokenConfig.decimals));
+    if (allowance < amountWeiCheck) {
+      const nativeBalance = await provider.getBalance(this.wallet.address);
+      const minGasBalance = ethers.parseEther("0.0005");
+      if (nativeBalance < minGasBalance) {
+        const nativeBNB = parseFloat(ethers.formatEther(nativeBalance)).toFixed(4);
+        const isTestnet = chainName === "bnb_testnet";
+        if (isTestnet) {
+          throw new Error(
+            `\u274C Insufficient tBNB for approval transaction
+
+   Current tBNB: ${nativeBNB}
+   Required:     ~0.001 tBNB
+
+   Get testnet tokens: npx moltspay faucet --chain bnb_testnet
+   (Gives USDC + tBNB for gas)`
+          );
+        } else {
+          throw new Error(
+            `\u274C Insufficient BNB for approval transaction
+
+   Current BNB: ${nativeBNB}
+   Required:    ~0.001 BNB (~$0.60)
+
+   To get BNB:
+   \u2022 Withdraw from Binance/exchange to your wallet
+   \u2022 Most exchanges include BNB dust with withdrawals
+
+   After funding, run:
+   npx moltspay approve --chain ${chainName} --spender ${spender}`
+          );
+        }
+      }
+      throw new Error(
+        `Insufficient allowance for ${spender.slice(0, 10)}...
+Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
+      );
+    }
+    const amountWei = BigInt(Math.floor(amount * 10 ** tokenConfig.decimals)).toString();
+    const intent = {
+      from: this.wallet.address,
+      to,
+      amount: amountWei,
+      token: tokenConfig.address,
+      service,
+      nonce: Date.now(),
+      // Use timestamp as nonce for simplicity
+      deadline: Date.now() + 36e5
+      // 1 hour
+    };
+    const domain = {
+      name: "MoltsPay",
+      version: "1",
+      chainId: chain.chainId
+    };
+    const types = {
+      PaymentIntent: [
+        { name: "from", type: "address" },
+        { name: "to", type: "address" },
+        { name: "amount", type: "uint256" },
+        { name: "token", type: "address" },
+        { name: "service", type: "string" },
+        { name: "nonce", type: "uint256" },
+        { name: "deadline", type: "uint256" }
+      ]
+    };
+    console.log(`[MoltsPay] Signing BNB payment intent...`);
+    const signature = await this.wallet.signTypedData(domain, types, intent);
+    const network = `eip155:${chain.chainId}`;
+    const payload = {
+      x402Version: 2,
+      scheme: "exact",
+      network,
+      payload: {
+        intent: {
+          ...intent,
+          signature
+        },
+        chainId: chain.chainId
+      },
+      accepted: {
+        scheme: "exact",
+        network,
+        asset: tokenConfig.address,
+        amount: amountWei,
+        payTo: to,
+        maxTimeoutSeconds: 300
+      }
+    };
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    console.log(`[MoltsPay] Sending BNB payment request...`);
+    const paidRes = await fetch(`${serverUrl}/execute`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Payment": paymentHeader
+      },
+      body: JSON.stringify({ service, params, chain: chainName })
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "BNB payment failed");
+    }
+    this.recordSpending(amount);
+    console.log(`[MoltsPay] Success! BNB payment settled.`);
+    return result.result || result;
+  }
+  /**
+   * Handle Solana payment flow
+   * 
+   * Solana uses SPL token transfers with pay-for-success model:
+   * 1. Client creates and signs a transfer transaction
+   * 2. Server submits the transaction after service completes
+   */
+  async handleSolanaPayment(serverUrl, service, params, requirements, chain) {
+    const solanaWallet = loadSolanaWallet(this.configDir);
+    if (!solanaWallet) {
+      throw new Error("No Solana wallet found. Run: npx moltspay init --chain solana_devnet");
+    }
+    const amount = Number(requirements.amount);
+    const amountUSDC = amount / 1e6;
+    this.checkLimits(amountUSDC);
+    console.log(`[MoltsPay] Creating Solana payment: $${amountUSDC} USDC`);
+    if (!requirements.payTo) {
+      throw new Error("Missing payTo address in payment requirements");
+    }
+    const solanaFeePayer = requirements.extra?.solanaFeePayer;
+    const feePayerPubkey = solanaFeePayer ? new PublicKey4(solanaFeePayer) : void 0;
+    if (feePayerPubkey) {
+      console.log(`[MoltsPay] Gasless mode: server pays fees`);
+    }
+    const recipientPubkey = new PublicKey4(requirements.payTo);
+    const transaction = await createSolanaPaymentTransaction(
+      solanaWallet.publicKey,
+      recipientPubkey,
+      BigInt(amount),
+      chain,
+      feePayerPubkey
+      // Optional fee payer for gasless mode
+    );
+    if (feePayerPubkey) {
+      transaction.partialSign(solanaWallet);
+    } else {
+      transaction.sign(solanaWallet);
+    }
+    const signedTx = transaction.serialize({ requireAllSignatures: false }).toString("base64");
+    console.log(`[MoltsPay] Transaction signed, sending to server...`);
+    const network = chain === "solana" ? "solana:mainnet" : "solana:devnet";
+    const payload = {
+      x402Version: 2,
+      scheme: "exact",
+      network,
+      payload: {
+        signedTransaction: signedTx,
+        sender: solanaWallet.publicKey.toBase58(),
+        chain
+      },
+      accepted: {
+        scheme: "exact",
+        network,
+        asset: requirements.asset,
+        amount: requirements.amount,
+        payTo: requirements.payTo,
+        maxTimeoutSeconds: 300
+      }
+    };
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    const paidRes = await fetch(`${serverUrl}/execute`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Payment": paymentHeader
+      },
+      body: JSON.stringify({ service, params, chain })
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "Solana payment failed");
+    }
+    this.recordSpending(amountUSDC);
+    console.log(`[MoltsPay] Success! Solana payment settled.`);
+    if (result.payment?.transaction) {
+      const explorerUrl = chain === "solana" ? `https://solscan.io/tx/${result.payment.transaction}` : `https://solscan.io/tx/${result.payment.transaction}?cluster=devnet`;
+      console.log(`[MoltsPay] Transaction: ${explorerUrl}`);
+    }
+    return result.result || result;
+  }
+  /**
+   * Check ERC20 allowance for a spender
+   */
+  async checkAllowance(tokenAddress, spender, provider) {
+    const contract = new ethers.Contract(
+      tokenAddress,
+      ["function allowance(address owner, address spender) view returns (uint256)"],
+      provider
+    );
+    return await contract.allowance(this.wallet.address, spender);
+  }
   /**
    * Sign EIP-3009 transferWithAuthorization (GASLESS)
    * This only signs - no on-chain transaction, no gas needed.
@@ -401,26 +948,26 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
   }
   // --- Config & Wallet Management ---
   loadConfig() {
-    const configPath = join(this.configDir, "config.json");
-    if (existsSync(configPath)) {
-      const content = readFileSync(configPath, "utf-8");
+    const configPath = join2(this.configDir, "config.json");
+    if (existsSync2(configPath)) {
+      const content = readFileSync2(configPath, "utf-8");
       return { ...DEFAULT_CONFIG, ...JSON.parse(content) };
     }
     return { ...DEFAULT_CONFIG };
   }
   saveConfig() {
-    mkdirSync(this.configDir, { recursive: true });
-    const configPath = join(this.configDir, "config.json");
-    writeFileSync(configPath, JSON.stringify(this.config, null, 2));
+    mkdirSync2(this.configDir, { recursive: true });
+    const configPath = join2(this.configDir, "config.json");
+    writeFileSync2(configPath, JSON.stringify(this.config, null, 2));
   }
   /**
    * Load spending data from disk
    */
   loadSpending() {
-    const spendingPath = join(this.configDir, "spending.json");
-    if (existsSync(spendingPath)) {
+    const spendingPath = join2(this.configDir, "spending.json");
+    if (existsSync2(spendingPath)) {
       try {
-        const data = JSON.parse(readFileSync(spendingPath, "utf-8"));
+        const data = JSON.parse(readFileSync2(spendingPath, "utf-8"));
         const today = (/* @__PURE__ */ new Date()).setHours(0, 0, 0, 0);
         if (data.date && data.date === today) {
           this.todaySpending = data.amount || 0;
@@ -439,18 +986,18 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
    * Save spending data to disk
    */
   saveSpending() {
-    mkdirSync(this.configDir, { recursive: true });
-    const spendingPath = join(this.configDir, "spending.json");
+    mkdirSync2(this.configDir, { recursive: true });
+    const spendingPath = join2(this.configDir, "spending.json");
     const data = {
       date: this.lastSpendingReset || (/* @__PURE__ */ new Date()).setHours(0, 0, 0, 0),
       amount: this.todaySpending,
       updatedAt: Date.now()
     };
-    writeFileSync(spendingPath, JSON.stringify(data, null, 2));
+    writeFileSync2(spendingPath, JSON.stringify(data, null, 2));
   }
   loadWallet() {
-    const walletPath = join(this.configDir, "wallet.json");
-    if (existsSync(walletPath)) {
+    const walletPath = join2(this.configDir, "wallet.json");
+    if (existsSync2(walletPath)) {
       try {
         const stats = statSync(walletPath);
         const mode = stats.mode & 511;
@@ -461,7 +1008,7 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
         }
       } catch (err) {
       }
-      const content = readFileSync(walletPath, "utf-8");
+      const content = readFileSync2(walletPath, "utf-8");
       return JSON.parse(content);
     }
     return null;
@@ -470,15 +1017,15 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
    * Initialize a new wallet (called by CLI)
    */
   static init(configDir, options) {
-    mkdirSync(configDir, { recursive: true });
+    mkdirSync2(configDir, { recursive: true });
     const wallet = Wallet.createRandom();
     const walletData = {
       address: wallet.address,
       privateKey: wallet.privateKey,
       createdAt: Date.now()
     };
-    const walletPath = join(configDir, "wallet.json");
-    writeFileSync(walletPath, JSON.stringify(walletData, null, 2), { mode: 384 });
+    const walletPath = join2(configDir, "wallet.json");
+    writeFileSync2(walletPath, JSON.stringify(walletData, null, 2), { mode: 384 });
     const config = {
       chain: options.chain,
       limits: {
@@ -486,8 +1033,8 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
         maxPerDay: options.maxPerDay
       }
     };
-    const configPath = join(configDir, "config.json");
-    writeFileSync(configPath, JSON.stringify(config, null, 2));
+    const configPath = join2(configDir, "config.json");
+    writeFileSync2(configPath, JSON.stringify(config, null, 2));
     return { address: wallet.address, configDir };
   }
   /**
@@ -517,30 +1064,59 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
     };
   }
   /**
-   * Get wallet balances on all supported chains (Base + Polygon)
+   * Get wallet balances on all supported chains (Base + Polygon + Tempo)
    */
   async getAllBalances() {
     if (!this.wallet) {
       throw new Error("Client not initialized");
     }
-    const supportedChains = ["base", "polygon", "base_sepolia"];
+    const supportedChains = ["base", "polygon", "base_sepolia", "tempo_moderato", "bnb", "bnb_testnet"];
     const tokenAbi = ["function balanceOf(address) view returns (uint256)"];
     const results = {};
+    const tempoTokens = {
+      pathUSD: "0x20c0000000000000000000000000000000000000",
+      alphaUSD: "0x20c0000000000000000000000000000000000001",
+      betaUSD: "0x20c0000000000000000000000000000000000002",
+      thetaUSD: "0x20c0000000000000000000000000000000000003"
+    };
     await Promise.all(
       supportedChains.map(async (chainName) => {
         try {
           const chain = getChain(chainName);
           const provider = new ethers.JsonRpcProvider(chain.rpc);
-          const [nativeBalance, usdcBalance, usdtBalance] = await Promise.all([
-            provider.getBalance(this.wallet.address),
-            new ethers.Contract(chain.tokens.USDC.address, tokenAbi, provider).balanceOf(this.wallet.address),
-            new ethers.Contract(chain.tokens.USDT.address, tokenAbi, provider).balanceOf(this.wallet.address)
-          ]);
-          results[chainName] = {
-            usdc: parseFloat(ethers.formatUnits(usdcBalance, chain.tokens.USDC.decimals)),
-            usdt: parseFloat(ethers.formatUnits(usdtBalance, chain.tokens.USDT.decimals)),
-            native: parseFloat(ethers.formatEther(nativeBalance))
-          };
+          if (chainName === "tempo_moderato") {
+            const [nativeBalance, pathUSD, alphaUSD, betaUSD, thetaUSD] = await Promise.all([
+              provider.getBalance(this.wallet.address),
+              new ethers.Contract(tempoTokens.pathUSD, tokenAbi, provider).balanceOf(this.wallet.address),
+              new ethers.Contract(tempoTokens.alphaUSD, tokenAbi, provider).balanceOf(this.wallet.address),
+              new ethers.Contract(tempoTokens.betaUSD, tokenAbi, provider).balanceOf(this.wallet.address),
+              new ethers.Contract(tempoTokens.thetaUSD, tokenAbi, provider).balanceOf(this.wallet.address)
+            ]);
+            results[chainName] = {
+              usdc: parseFloat(ethers.formatUnits(pathUSD, 6)),
+              // pathUSD as default USDC
+              usdt: parseFloat(ethers.formatUnits(alphaUSD, 6)),
+              // alphaUSD as default USDT
+              native: parseFloat(ethers.formatEther(nativeBalance)),
+              tempo: {
+                pathUSD: parseFloat(ethers.formatUnits(pathUSD, 6)),
+                alphaUSD: parseFloat(ethers.formatUnits(alphaUSD, 6)),
+                betaUSD: parseFloat(ethers.formatUnits(betaUSD, 6)),
+                thetaUSD: parseFloat(ethers.formatUnits(thetaUSD, 6))
+              }
+            };
+          } else {
+            const [nativeBalance, usdcBalance, usdtBalance] = await Promise.all([
+              provider.getBalance(this.wallet.address),
+              new ethers.Contract(chain.tokens.USDC.address, tokenAbi, provider).balanceOf(this.wallet.address),
+              new ethers.Contract(chain.tokens.USDT.address, tokenAbi, provider).balanceOf(this.wallet.address)
+            ]);
+            results[chainName] = {
+              usdc: parseFloat(ethers.formatUnits(usdcBalance, chain.tokens.USDC.decimals)),
+              usdt: parseFloat(ethers.formatUnits(usdtBalance, chain.tokens.USDT.decimals)),
+              native: parseFloat(ethers.formatEther(nativeBalance))
+            };
+          }
         } catch (err) {
           results[chainName] = { usdc: 0, usdt: 0, native: 0 };
         }
@@ -548,6 +1124,121 @@ Please specify: --chain base, --chain polygon, or --chain base_sepolia`
     );
     return results;
   }
+  /**
+   * Pay for a service using MPP (Machine Payments Protocol)
+   * 
+   * This implements the MPP flow manually for EOA wallets:
+   * 1. Request service → get 402 with WWW-Authenticate
+   * 2. Parse payment requirements
+   * 3. Execute transfer on Tempo chain
+   * 4. Retry with transaction hash as credential
+   * 
+   * @param url - Full URL of the MPP-enabled endpoint
+   * @param options - Request options (body, headers)
+   * @returns Response from the service
+   */
+  async payWithMPP(url, options = {}) {
+    if (!this.wallet || !this.walletData) {
+      throw new Error("Client not initialized. Run: npx moltspay init");
+    }
+    const { privateKeyToAccount } = await import("viem/accounts");
+    const { createWalletClient, createPublicClient, http } = await import("viem");
+    const { tempoModerato } = await import("viem/chains");
+    const { Actions } = await import("viem/tempo");
+    const privateKey = this.walletData.privateKey;
+    const account = privateKeyToAccount(privateKey);
+    console.log(`[MoltsPay] Making MPP request to: ${url}`);
+    console.log(`[MoltsPay] Using account: ${account.address}`);
+    const initResponse = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...options.headers
+      },
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+    if (initResponse.status !== 402) {
+      if (initResponse.ok) {
+        return initResponse.json();
+      }
+      const errorText = await initResponse.text();
+      throw new Error(`Request failed (${initResponse.status}): ${errorText}`);
+    }
+    const wwwAuth = initResponse.headers.get("www-authenticate");
+    if (!wwwAuth || !wwwAuth.toLowerCase().includes("payment")) {
+      throw new Error("No WWW-Authenticate Payment challenge in 402 response");
+    }
+    console.log(`[MoltsPay] Got 402, parsing payment challenge...`);
+    const parseAuthParam = (header, key) => {
+      const match = header.match(new RegExp(`${key}="([^"]+)"`, "i"));
+      return match ? match[1] : null;
+    };
+    const challengeId = parseAuthParam(wwwAuth, "id");
+    const method = parseAuthParam(wwwAuth, "method");
+    const realm = parseAuthParam(wwwAuth, "realm");
+    const requestB64 = parseAuthParam(wwwAuth, "request");
+    if (method !== "tempo") {
+      throw new Error(`Unsupported payment method: ${method}`);
+    }
+    if (!requestB64) {
+      throw new Error("Missing request in WWW-Authenticate");
+    }
+    const requestJson = Buffer.from(requestB64, "base64").toString("utf-8");
+    const paymentRequest = JSON.parse(requestJson);
+    console.log(`[MoltsPay] Payment request:`, paymentRequest);
+    const { amount, currency, recipient, methodDetails } = paymentRequest;
+    const chainId = methodDetails?.chainId || 42431;
+    console.log(`[MoltsPay] Executing transfer on Tempo (chainId: ${chainId})...`);
+    console.log(`[MoltsPay] Amount: ${amount}, To: ${recipient}`);
+    const tempoChain = { ...tempoModerato, feeToken: currency };
+    const publicClient = createPublicClient({
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const walletClient = createWalletClient({
+      account,
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const txHash = await Actions.token.transfer(walletClient, {
+      to: recipient,
+      amount: BigInt(amount),
+      token: currency
+    });
+    console.log(`[MoltsPay] Transaction sent: ${txHash}`);
+    console.log(`[MoltsPay] Waiting for confirmation...`);
+    await publicClient.waitForTransactionReceipt({ hash: txHash });
+    console.log(`[MoltsPay] Transaction confirmed!`);
+    const challenge = {
+      id: challengeId,
+      realm,
+      method: "tempo",
+      intent: "charge",
+      request: paymentRequest
+    };
+    const credential = {
+      challenge,
+      payload: { hash: txHash, type: "hash" },
+      source: `did:pkh:eip155:${chainId}:${account.address}`
+    };
+    const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    console.log(`[MoltsPay] Retrying with payment credential...`);
+    const paidResponse = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Payment ${credentialB64}`,
+        ...options.headers
+      },
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+    if (!paidResponse.ok) {
+      const errorText = await paidResponse.text();
+      throw new Error(`Payment verification failed (${paidResponse.status}): ${errorText}`);
+    }
+    console.log(`[MoltsPay] Payment verified! Service completed.`);
+    return paidResponse.json();
+  }
 };
 export {
   MoltsPayClient