moltspay 1.4.1 → 1.6.0

package/dist/mcp/index.js

@@ -0,0 +1,1623 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/mcp/index.ts
+var import_crypto = require("crypto");
+var import_stdio = require("@modelcontextprotocol/sdk/server/stdio.js");
+
+// src/mcp/server.ts
+var import_fs3 = require("fs");
+var import_path3 = require("path");
+var import_mcp = require("@modelcontextprotocol/sdk/server/mcp.js");
+var import_zod = require("zod");
+
+// src/client/node/index.ts
+var import_fs2 = require("fs");
+var import_os2 = require("os");
+var import_path2 = require("path");
+var import_ethers2 = require("ethers");
+
+// src/chains/index.ts
+var CHAINS = {
+  // ============ Mainnet ============
+  base: {
+    name: "Base",
+    chainId: 8453,
+    rpc: "https://mainnet.base.org",
+    tokens: {
+      USDC: {
+        address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+        // EIP-712 domain name
+      },
+      USDT: {
+        address: "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2",
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+    // deprecated, for backward compat
+    explorer: "https://basescan.org/address/",
+    explorerTx: "https://basescan.org/tx/",
+    avgBlockTime: 2
+  },
+  polygon: {
+    name: "Polygon",
+    chainId: 137,
+    rpc: "https://polygon-bor-rpc.publicnode.com",
+    tokens: {
+      USDC: {
+        address: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0xc2132D05D31c914a87C6611C10748AEb04B58e8F",
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "(PoS) Tether USD"
+        // Polygon uses this name
+      }
+    },
+    usdc: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
+    explorer: "https://polygonscan.com/address/",
+    explorerTx: "https://polygonscan.com/tx/",
+    avgBlockTime: 2
+  },
+  // ============ Testnet ============
+  base_sepolia: {
+    name: "Base Sepolia",
+    chainId: 84532,
+    rpc: "https://sepolia.base.org",
+    tokens: {
+      USDC: {
+        address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "USDC"
+        // Testnet USDC uses 'USDC' not 'USD Coin'
+      },
+      USDT: {
+        address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+        // Same as USDC on testnet (no official USDT)
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "USDC"
+        // Uses same contract as USDC
+      }
+    },
+    usdc: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+    explorer: "https://sepolia.basescan.org/address/",
+    explorerTx: "https://sepolia.basescan.org/tx/",
+    avgBlockTime: 2
+  },
+  // ============ Tempo Testnet (Moderato) ============
+  tempo_moderato: {
+    name: "Tempo Moderato",
+    chainId: 42431,
+    rpc: "https://rpc.moderato.tempo.xyz",
+    tokens: {
+      // TIP-20 stablecoins on Tempo testnet (from mppx SDK)
+      // Note: Tempo uses USD as native gas token, not ETH
+      USDC: {
+        address: "0x20c0000000000000000000000000000000000000",
+        // pathUSD - primary testnet stablecoin
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "pathUSD"
+      },
+      USDT: {
+        address: "0x20c0000000000000000000000000000000000001",
+        // alphaUSD
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "alphaUSD"
+      }
+    },
+    usdc: "0x20c0000000000000000000000000000000000000",
+    explorer: "https://explore.testnet.tempo.xyz/address/",
+    explorerTx: "https://explore.testnet.tempo.xyz/tx/",
+    avgBlockTime: 0.5
+    // ~500ms finality
+  },
+  // ============ BNB Chain Testnet ============
+  bnb_testnet: {
+    name: "BNB Testnet",
+    chainId: 97,
+    rpc: "https://data-seed-prebsc-1-s1.binance.org:8545",
+    tokens: {
+      // Note: BNB uses 18 decimals for stablecoins (unlike Base/Polygon which use 6)
+      // Using official Binance-Peg testnet tokens
+      USDC: {
+        address: "0x64544969ed7EBf5f083679233325356EbE738930",
+        // Testnet USDC
+        decimals: 18,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0x337610d27c682E347C9cD60BD4b3b107C9d34dDd",
+        // Testnet USDT
+        decimals: 18,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x64544969ed7EBf5f083679233325356EbE738930",
+    explorer: "https://testnet.bscscan.com/address/",
+    explorerTx: "https://testnet.bscscan.com/tx/",
+    avgBlockTime: 3,
+    // BNB-specific: requires approval for pay-for-success flow
+    requiresApproval: true
+  },
+  // ============ BNB Chain Mainnet ============
+  bnb: {
+    name: "BNB Smart Chain",
+    chainId: 56,
+    rpc: "https://bsc-dataseed.binance.org",
+    tokens: {
+      // Note: BNB uses 18 decimals for stablecoins
+      USDC: {
+        address: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+        decimals: 18,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0x55d398326f99059fF775485246999027B3197955",
+        decimals: 18,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+    explorer: "https://bscscan.com/address/",
+    explorerTx: "https://bscscan.com/tx/",
+    avgBlockTime: 3,
+    // BNB-specific: requires approval for pay-for-success flow
+    requiresApproval: true
+  }
+};
+function getChain(name) {
+  const config = CHAINS[name];
+  if (!config) {
+    throw new Error(`Unsupported chain: ${name}. Supported: ${Object.keys(CHAINS).join(", ")}`);
+  }
+  return config;
+}
+
+// src/wallet/solana.ts
+var import_web32 = require("@solana/web3.js");
+var import_spl_token = require("@solana/spl-token");
+var import_fs = require("fs");
+var import_path = require("path");
+var import_os = require("os");
+var import_bs58 = __toESM(require("bs58"));
+
+// src/chains/solana.ts
+var import_web3 = require("@solana/web3.js");
+var SOLANA_CHAINS = {
+  solana: {
+    name: "Solana Mainnet",
+    cluster: "mainnet-beta",
+    rpc: "https://api.mainnet-beta.solana.com",
+    explorer: "https://solscan.io/account/",
+    explorerTx: "https://solscan.io/tx/",
+    tokens: {
+      USDC: {
+        mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+        // Circle official USDC
+        decimals: 6
+      }
+    }
+  },
+  solana_devnet: {
+    name: "Solana Devnet",
+    cluster: "devnet",
+    rpc: "https://api.devnet.solana.com",
+    explorer: "https://solscan.io/account/",
+    explorerTx: "https://solscan.io/tx/",
+    tokens: {
+      USDC: {
+        // Circle's devnet USDC (if not available, we'll deploy our own test token)
+        mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",
+        decimals: 6
+      }
+    }
+  }
+};
+
+// src/wallet/solana.ts
+var DEFAULT_CONFIG_DIR = (0, import_path.join)((0, import_os.homedir)(), ".moltspay");
+var SOLANA_WALLET_FILE = "wallet-solana.json";
+function getSolanaWalletPath(configDir = DEFAULT_CONFIG_DIR) {
+  return (0, import_path.join)(configDir, SOLANA_WALLET_FILE);
+}
+function loadSolanaWallet(configDir = DEFAULT_CONFIG_DIR) {
+  const walletPath = getSolanaWalletPath(configDir);
+  if (!(0, import_fs.existsSync)(walletPath)) {
+    return null;
+  }
+  try {
+    const data = JSON.parse((0, import_fs.readFileSync)(walletPath, "utf-8"));
+    const secretKey = import_bs58.default.decode(data.secretKey);
+    return import_web32.Keypair.fromSecretKey(secretKey);
+  } catch (error) {
+    console.error("Failed to load Solana wallet:", error);
+    return null;
+  }
+}
+
+// src/facilitators/solana.ts
+var import_web33 = require("@solana/web3.js");
+var import_spl_token2 = require("@solana/spl-token");
+async function createSolanaPaymentTransaction(senderPubkey, recipientPubkey, amount, chain, feePayerPubkey, connection) {
+  const chainConfig = SOLANA_CHAINS[chain];
+  const conn = connection ?? new import_web33.Connection(chainConfig.rpc, "confirmed");
+  const mint = new import_web33.PublicKey(chainConfig.tokens.USDC.mint);
+  const actualFeePayer = feePayerPubkey || senderPubkey;
+  const senderATA = await (0, import_spl_token2.getAssociatedTokenAddress)(mint, senderPubkey);
+  const recipientATA = await (0, import_spl_token2.getAssociatedTokenAddress)(mint, recipientPubkey);
+  const transaction = new import_web33.Transaction();
+  try {
+    await (0, import_spl_token2.getAccount)(conn, recipientATA);
+  } catch {
+    transaction.add(
+      (0, import_spl_token2.createAssociatedTokenAccountInstruction)(
+        actualFeePayer,
+        // payer (fee payer in gasless mode)
+        recipientATA,
+        // ata to create
+        recipientPubkey,
+        // owner
+        mint
+        // mint
+      )
+    );
+  }
+  transaction.add(
+    (0, import_spl_token2.createTransferCheckedInstruction)(
+      senderATA,
+      // source
+      mint,
+      // mint
+      recipientATA,
+      // destination
+      senderPubkey,
+      // owner (sender still authorizes the transfer)
+      amount,
+      // amount
+      chainConfig.tokens.USDC.decimals
+      // decimals
+    )
+  );
+  const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.feePayer = actualFeePayer;
+  return transaction;
+}
+
+// src/client/node/index.ts
+var import_web35 = require("@solana/web3.js");
+
+// src/client/core/types.ts
+var X402_VERSION = 2;
+var PAYMENT_REQUIRED_HEADER = "x-payment-required";
+var PAYMENT_HEADER = "x-payment";
+
+// src/client/core/chain-map.ts
+var NETWORK_TO_CHAIN = {
+  "eip155:8453": "base",
+  "eip155:137": "polygon",
+  "eip155:84532": "base_sepolia",
+  "eip155:42431": "tempo_moderato",
+  "eip155:56": "bnb",
+  "eip155:97": "bnb_testnet",
+  "solana:mainnet": "solana",
+  "solana:devnet": "solana_devnet"
+};
+var CHAIN_TO_NETWORK = Object.fromEntries(
+  Object.entries(NETWORK_TO_CHAIN).map(([network, chain]) => [chain, network])
+);
+function networkToChainName(network) {
+  return NETWORK_TO_CHAIN[network] ?? null;
+}
+
+// src/client/core/base64.ts
+var BufferCtor = globalThis.Buffer;
+
+// src/client/core/eip3009.ts
+var EIP3009_TYPES = {
+  TransferWithAuthorization: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "value", type: "uint256" },
+    { name: "validAfter", type: "uint256" },
+    { name: "validBefore", type: "uint256" },
+    { name: "nonce", type: "bytes32" }
+  ]
+};
+function buildEIP3009TypedData(args) {
+  const validAfter = args.validAfter ?? "0";
+  const validBefore = args.validBefore ?? (Math.floor(Date.now() / 1e3) + 3600).toString();
+  const authorization = {
+    from: args.from,
+    to: args.to,
+    value: args.value,
+    validAfter,
+    validBefore,
+    nonce: args.nonce
+  };
+  return {
+    domain: {
+      name: args.tokenName,
+      version: args.tokenVersion,
+      chainId: args.chainId,
+      verifyingContract: args.tokenAddress
+    },
+    types: EIP3009_TYPES,
+    primaryType: "TransferWithAuthorization",
+    message: authorization
+  };
+}
+
+// src/client/core/bnb-intent.ts
+var BNB_INTENT_TYPES = {
+  PaymentIntent: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "amount", type: "uint256" },
+    { name: "token", type: "address" },
+    { name: "service", type: "string" },
+    { name: "nonce", type: "uint256" },
+    { name: "deadline", type: "uint256" }
+  ]
+};
+var BNB_DOMAIN_NAME = "MoltsPay";
+var BNB_DOMAIN_VERSION = "1";
+function buildBnbIntentTypedData(args) {
+  const intent = {
+    from: args.from,
+    to: args.to,
+    amount: args.amount,
+    token: args.tokenAddress,
+    service: args.service,
+    nonce: args.nonce,
+    deadline: args.deadline
+  };
+  return {
+    domain: {
+      name: BNB_DOMAIN_NAME,
+      version: BNB_DOMAIN_VERSION,
+      chainId: args.chainId
+    },
+    types: BNB_INTENT_TYPES,
+    primaryType: "PaymentIntent",
+    message: intent
+  };
+}
+
+// src/client/node/signer.ts
+var import_ethers = require("ethers");
+var import_web34 = require("@solana/web3.js");
+var NodeSigner = class {
+  evmWallet;
+  getSolanaKeypair;
+  constructor(evmWallet, options = {}) {
+    this.evmWallet = evmWallet;
+    this.getSolanaKeypair = options.getSolanaKeypair ?? (() => null);
+  }
+  async getEvmAddress() {
+    return this.evmWallet.address;
+  }
+  async getSolanaAddress() {
+    const kp = this.getSolanaKeypair();
+    return kp ? kp.publicKey.toBase58() : null;
+  }
+  async signTypedData(envelope) {
+    const mutableTypes = {};
+    for (const [key, fields] of Object.entries(envelope.types)) {
+      mutableTypes[key] = [...fields];
+    }
+    return this.evmWallet.signTypedData(
+      envelope.domain,
+      mutableTypes,
+      envelope.message
+    );
+  }
+  async sendEvmTransaction(args) {
+    const chain = findChainByChainId(args.chainId);
+    if (!chain) {
+      throw new Error(`sendEvmTransaction: unknown chainId ${args.chainId}`);
+    }
+    const provider = new import_ethers.ethers.JsonRpcProvider(chain.rpc);
+    const connected = this.evmWallet.connect(provider);
+    const tx = await connected.sendTransaction({
+      to: args.to,
+      data: args.data,
+      value: args.value ? BigInt(args.value) : 0n
+    });
+    return tx.hash;
+  }
+  async signSolanaTransaction(args) {
+    const kp = this.getSolanaKeypair();
+    if (!kp) {
+      throw new Error("signSolanaTransaction: no Solana wallet configured");
+    }
+    const tx = import_web34.Transaction.from(Buffer.from(args.transactionBase64, "base64"));
+    if (args.partialSign) {
+      tx.partialSign(kp);
+    } else {
+      tx.sign(kp);
+    }
+    return tx.serialize({ requireAllSignatures: false }).toString("base64");
+  }
+};
+function findChainByChainId(chainId) {
+  for (const cfg of Object.values(CHAINS)) {
+    if (cfg.chainId === chainId) {
+      return cfg;
+    }
+  }
+  return void 0;
+}
+
+// src/client/node/index.ts
+var DEFAULT_CONFIG = {
+  chain: "base",
+  limits: {
+    maxPerTx: 100,
+    maxPerDay: 1e3
+  }
+};
+var MoltsPayClient = class {
+  configDir;
+  config;
+  walletData = null;
+  wallet = null;
+  signer = null;
+  todaySpending = 0;
+  lastSpendingReset = 0;
+  constructor(options = {}) {
+    this.configDir = options.configDir || (0, import_path2.join)((0, import_os2.homedir)(), ".moltspay");
+    this.config = this.loadConfig();
+    this.walletData = this.loadWallet();
+    this.loadSpending();
+    if (this.walletData) {
+      this.wallet = new import_ethers2.Wallet(this.walletData.privateKey);
+      const configDir = this.configDir;
+      this.signer = new NodeSigner(this.wallet, {
+        getSolanaKeypair: () => loadSolanaWallet(configDir)
+      });
+    }
+  }
+  /**
+   * Check if client is initialized (has wallet)
+   */
+  get isInitialized() {
+    return this.wallet !== null;
+  }
+  /**
+   * Get wallet address
+   */
+  get address() {
+    return this.wallet?.address || null;
+  }
+  /**
+   * Get wallet instance (for direct operations like approvals)
+   */
+  getWallet() {
+    return this.wallet;
+  }
+  /**
+   * Get current config
+   */
+  getConfig() {
+    return { ...this.config };
+  }
+  /**
+   * Update config
+   */
+  updateConfig(updates) {
+    if (updates.maxPerTx !== void 0) {
+      this.config.limits.maxPerTx = updates.maxPerTx;
+    }
+    if (updates.maxPerDay !== void 0) {
+      this.config.limits.maxPerDay = updates.maxPerDay;
+    }
+    this.saveConfig();
+  }
+  /**
+   * Get services from a provider
+   */
+  async getServices(serverUrl) {
+    const normalizedUrl = serverUrl.replace(/\/(services|api\/services|registry\/services)\/?$/, "");
+    const endpoints = ["/services", "/api/services", "/registry/services"];
+    for (const endpoint of endpoints) {
+      try {
+        const res = await fetch(`${normalizedUrl}${endpoint}`);
+        if (!res.ok) continue;
+        const contentType = res.headers.get("content-type") || "";
+        if (!contentType.includes("application/json")) continue;
+        return await res.json();
+      } catch {
+        continue;
+      }
+    }
+    throw new Error(`Failed to get services: no valid endpoint found at ${normalizedUrl}`);
+  }
+  /**
+   * Pay for a service and get the result (x402 protocol)
+   * 
+   * This is GASLESS for the client - server pays gas to claim payment.
+   * This is PAY-FOR-SUCCESS - payment only claimed if service succeeds.
+   * 
+   * @param serverUrl - Server URL
+   * @param service - Service ID
+   * @param params - Service parameters
+   * @param options - Payment options (token selection)
+   */
+  async pay(serverUrl, service, params, options = {}) {
+    if (!this.wallet || !this.walletData) {
+      throw new Error("Client not initialized. Run: npx moltspay init");
+    }
+    console.log(`[MoltsPay] Requesting service: ${service}`);
+    let executeUrl = `${serverUrl}/execute`;
+    try {
+      const services = await this.getServices(serverUrl);
+      const svc = services.services?.find((s) => s.id === service);
+      if (svc?.endpoint) {
+        executeUrl = `${serverUrl}${svc.endpoint}`;
+        console.log(`[MoltsPay] Using service endpoint: ${svc.endpoint}`);
+      }
+    } catch {
+    }
+    let requestBody;
+    if (options.rawData) {
+      requestBody = { service, ...params };
+    } else {
+      requestBody = { service, params };
+    }
+    if (options.chain) {
+      requestBody.chain = options.chain;
+    }
+    const initialRes = await fetch(executeUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(requestBody)
+    });
+    if (initialRes.status !== 402) {
+      const data = await initialRes.json();
+      if (initialRes.ok && data.result) {
+        return data.result;
+      }
+      throw new Error(data.error || "Unexpected response");
+    }
+    const wwwAuthHeader = initialRes.headers.get("www-authenticate");
+    const paymentRequiredHeader = initialRes.headers.get(PAYMENT_REQUIRED_HEADER);
+    if (wwwAuthHeader && wwwAuthHeader.toLowerCase().includes("payment")) {
+      console.log("[MoltsPay] Detected MPP protocol, using Tempo flow...");
+      return await this.handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options);
+    }
+    if (!paymentRequiredHeader) {
+      throw new Error("Missing payment header (x-payment-required or www-authenticate)");
+    }
+    let requirements;
+    try {
+      const decoded = Buffer.from(paymentRequiredHeader, "base64").toString("utf-8");
+      const parsed = JSON.parse(decoded);
+      if (Array.isArray(parsed)) {
+        requirements = parsed;
+      } else if (parsed.accepts && Array.isArray(parsed.accepts)) {
+        requirements = parsed.accepts;
+      } else {
+        requirements = [parsed];
+      }
+    } catch {
+      throw new Error("Invalid x-payment-required header");
+    }
+    const serverChains = requirements.map((r) => networkToChainName(r.network)).filter((c) => c !== null);
+    const userSpecifiedChain = options.chain;
+    let selectedChain;
+    if (userSpecifiedChain) {
+      if (!serverChains.includes(userSpecifiedChain)) {
+        throw new Error(
+          `Server doesn't accept '${userSpecifiedChain}'.
+Server accepts: ${serverChains.join(", ")}`
+        );
+      }
+      selectedChain = userSpecifiedChain;
+    } else {
+      if (serverChains.length === 1 && serverChains[0] === "base") {
+        selectedChain = "base";
+      } else {
+        throw new Error(
+          `Server accepts: ${serverChains.join(", ")}
+Please specify: --chain <chain_name>`
+        );
+      }
+    }
+    if (selectedChain === "solana" || selectedChain === "solana_devnet") {
+      const solanaChain = selectedChain;
+      const network2 = solanaChain === "solana" ? "solana:mainnet" : "solana:devnet";
+      const req2 = requirements.find((r) => r.network === network2);
+      if (!req2) {
+        throw new Error(`Failed to find payment requirement for ${selectedChain}`);
+      }
+      return await this.handleSolanaPayment(executeUrl, service, params, req2, solanaChain, options);
+    }
+    const chainName = selectedChain;
+    const chain = getChain(chainName);
+    const network = `eip155:${chain.chainId}`;
+    const req = requirements.find((r) => r.scheme === "exact" && r.network === network);
+    if (!req) {
+      throw new Error(`Failed to find payment requirement for ${chainName}`);
+    }
+    const amountRaw = req.amount || req.maxAmountRequired;
+    if (!amountRaw) {
+      throw new Error("Missing amount in payment requirements");
+    }
+    const amount = Number(amountRaw) / 1e6;
+    this.checkLimits(amount);
+    let token = options.token || "USDC";
+    if (options.autoSelect) {
+      const balances = await this.getBalance();
+      if (balances.usdc >= amount) {
+        token = "USDC";
+      } else if (balances.usdt >= amount) {
+        token = "USDT";
+      } else {
+        throw new Error(`Insufficient balance: need $${amount}, have ${balances.usdc} USDC / ${balances.usdt} USDT`);
+      }
+    }
+    if (token === "USDT") {
+      const balances = await this.getBalance();
+      if (balances.native < 1e-4) {
+        throw new Error(
+          `USDT requires ETH for gas (~$0.01 on Base). Your ETH balance: ${balances.native.toFixed(6)} ETH. Please add a small amount of ETH to your wallet, or use USDC (gasless).`
+        );
+      }
+      console.log(`[MoltsPay] \u26A0\uFE0F  USDT requires gas (~$0.01). Proceeding with payment...`);
+    } else {
+      console.log(`[MoltsPay] Signing payment: $${amount} ${token} (gasless)`);
+    }
+    if (chainName === "bnb" || chainName === "bnb_testnet") {
+      console.log(`[MoltsPay] Using BNB intent-based payment flow...`);
+      const payTo2 = req.payTo || req.resource;
+      if (!payTo2) {
+        throw new Error("Missing payTo address in payment requirements");
+      }
+      const bnbSpender = req.extra?.bnbSpender;
+      if (!bnbSpender) {
+        throw new Error("Server did not provide bnbSpender address. Server may not support BNB payments.");
+      }
+      return await this.handleBNBPayment(executeUrl, service, params, {
+        to: payTo2,
+        amount,
+        token,
+        chainName,
+        chain,
+        spender: bnbSpender
+      }, options);
+    }
+    const payTo = req.payTo || req.resource;
+    if (!payTo) {
+      throw new Error("Missing payTo address in payment requirements");
+    }
+    const domainOverride = req.extra && typeof req.extra === "object" && req.extra.name ? { name: req.extra.name, version: req.extra.version || "2" } : void 0;
+    const authorization = await this.signEIP3009(payTo, amount, chain, token, domainOverride);
+    const tokenConfig = chain.tokens[token];
+    const extra = req.extra && typeof req.extra === "object" ? req.extra : {
+      name: tokenConfig.eip712Name || "USD Coin",
+      version: "2"
+    };
+    const payload = {
+      x402Version: X402_VERSION,
+      scheme: "exact",
+      network,
+      payload: authorization,
+      // { authorization: {...}, signature: "0x..." }
+      accepted: {
+        scheme: "exact",
+        network,
+        asset: tokenConfig.address,
+        amount: amountRaw,
+        payTo,
+        maxTimeoutSeconds: req.maxTimeoutSeconds || 300,
+        extra
+      }
+    };
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    console.log(`[MoltsPay] Sending request with payment...`);
+    const paidRequestBody = options.rawData ? { service, ...params } : { service, params };
+    if (options.chain) {
+      paidRequestBody.chain = options.chain;
+    }
+    const paidRes = await fetch(executeUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        [PAYMENT_HEADER]: paymentHeader
+      },
+      body: JSON.stringify(paidRequestBody)
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "Service execution failed");
+    }
+    this.recordSpending(amount);
+    console.log(`[MoltsPay] Success! Payment: ${result.payment?.status || "claimed"}`);
+    return result.result || result;
+  }
+  /**
+   * Handle MPP (Machine Payments Protocol) payment flow
+   * Called when pay() detects WWW-Authenticate header in 402 response
+   */
+  async handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options = {}) {
+    const { privateKeyToAccount } = await import("viem/accounts");
+    const { createWalletClient, createPublicClient, http } = await import("viem");
+    const { tempoModerato } = await import("viem/chains");
+    const { Actions } = await import("viem/tempo");
+    const privateKey = this.walletData.privateKey;
+    const account = privateKeyToAccount(privateKey);
+    console.log(`[MoltsPay] Using MPP protocol on Tempo`);
+    console.log(`[MoltsPay] Account: ${account.address}`);
+    const parseAuthParam = (header, key) => {
+      const match = header.match(new RegExp(`${key}="([^"]+)"`, "i"));
+      return match ? match[1] : null;
+    };
+    const challengeId = parseAuthParam(wwwAuthHeader, "id");
+    const method = parseAuthParam(wwwAuthHeader, "method");
+    const realm = parseAuthParam(wwwAuthHeader, "realm");
+    const requestB64 = parseAuthParam(wwwAuthHeader, "request");
+    if (method !== "tempo") {
+      throw new Error(`Unsupported payment method: ${method}`);
+    }
+    if (!requestB64) {
+      throw new Error("Missing request in WWW-Authenticate");
+    }
+    const requestJson = Buffer.from(requestB64, "base64").toString("utf-8");
+    const paymentRequest = JSON.parse(requestJson);
+    const { amount, currency, recipient, methodDetails } = paymentRequest;
+    const chainId = methodDetails?.chainId || 42431;
+    const amountDisplay = Number(amount) / 1e6;
+    console.log(`[MoltsPay] Payment: $${amountDisplay} to ${recipient}`);
+    this.checkLimits(amountDisplay);
+    console.log(`[MoltsPay] Sending transaction on Tempo...`);
+    const tempoChain = { ...tempoModerato, feeToken: currency };
+    const publicClient = createPublicClient({
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const walletClient = createWalletClient({
+      account,
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const txHash = await Actions.token.transfer(walletClient, {
+      to: recipient,
+      amount: BigInt(amount),
+      token: currency
+    });
+    console.log(`[MoltsPay] Transaction: ${txHash}`);
+    await publicClient.waitForTransactionReceipt({ hash: txHash });
+    console.log(`[MoltsPay] Confirmed! Retrying with credential...`);
+    const credential = {
+      challenge: {
+        id: challengeId,
+        realm,
+        method: "tempo",
+        intent: "charge",
+        request: paymentRequest
+      },
+      payload: { hash: txHash, type: "hash" },
+      source: `did:pkh:eip155:${chainId}:${account.address}`
+    };
+    const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    const retryBody = options.rawData ? { service, ...params, chain: "tempo_moderato" } : { service, params, chain: "tempo_moderato" };
+    const paidRes = await fetch(executeUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Payment ${credentialB64}`
+      },
+      body: JSON.stringify(retryBody)
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "Payment verification failed");
+    }
+    this.recordSpending(amountDisplay);
+    console.log(`[MoltsPay] Success!`);
+    return result.result || result;
+  }
+  /**
+   * Handle BNB Chain payment flow (pre-approval + intent signature)
+   * 
+   * Flow:
+   * 1. Check client has approved server wallet (done via `moltspay init`)
+   * 2. Sign EIP-712 payment intent (no gas, just signature)
+   * 3. Send intent to server
+   * 4. Server executes service
+   * 5. Server calls transferFrom if successful (pay-for-success)
+   */
+  async handleBNBPayment(executeUrl, service, params, paymentDetails, options = {}) {
+    const { to, amount, token, chainName, chain, spender } = paymentDetails;
+    const tokenConfig = chain.tokens[token];
+    const provider = new import_ethers2.ethers.JsonRpcProvider(chain.rpc);
+    const allowance = await this.checkAllowance(tokenConfig.address, spender, provider);
+    const amountWeiCheck = BigInt(Math.floor(amount * 10 ** tokenConfig.decimals));
+    if (allowance < amountWeiCheck) {
+      const nativeBalance = await provider.getBalance(this.wallet.address);
+      const minGasBalance = import_ethers2.ethers.parseEther("0.0005");
+      if (nativeBalance < minGasBalance) {
+        const nativeBNB = parseFloat(import_ethers2.ethers.formatEther(nativeBalance)).toFixed(4);
+        const isTestnet = chainName === "bnb_testnet";
+        if (isTestnet) {
+          throw new Error(
+            `\u274C Insufficient tBNB for approval transaction
+
+   Current tBNB: ${nativeBNB}
+   Required:     ~0.001 tBNB
+
+   Get testnet tokens: npx moltspay faucet --chain bnb_testnet
+   (Gives USDC + tBNB for gas)`
+          );
+        } else {
+          throw new Error(
+            `\u274C Insufficient BNB for approval transaction
+
+   Current BNB: ${nativeBNB}
+   Required:    ~0.001 BNB (~$0.60)
+
+   To get BNB:
+   \u2022 Withdraw from Binance/exchange to your wallet
+   \u2022 Most exchanges include BNB dust with withdrawals
+
+   After funding, run:
+   npx moltspay approve --chain ${chainName} --spender ${spender}`
+          );
+        }
+      }
+      throw new Error(
+        `Insufficient allowance for ${spender.slice(0, 10)}...
+Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
+      );
+    }
+    const amountWei = BigInt(Math.floor(amount * 10 ** tokenConfig.decimals)).toString();
+    const intentNonce = Date.now();
+    const intentDeadline = Date.now() + 36e5;
+    const envelope = buildBnbIntentTypedData({
+      from: this.wallet.address,
+      to,
+      amount: amountWei,
+      tokenAddress: tokenConfig.address,
+      service,
+      nonce: intentNonce,
+      deadline: intentDeadline,
+      chainId: chain.chainId
+    });
+    console.log(`[MoltsPay] Signing BNB payment intent...`);
+    const signature = await this.signer.signTypedData(envelope);
+    const intent = envelope.message;
+    const network = `eip155:${chain.chainId}`;
+    const payload = {
+      x402Version: 2,
+      scheme: "exact",
+      network,
+      payload: {
+        intent: {
+          ...intent,
+          signature
+        },
+        chainId: chain.chainId
+      },
+      accepted: {
+        scheme: "exact",
+        network,
+        asset: tokenConfig.address,
+        amount: amountWei,
+        payTo: to,
+        maxTimeoutSeconds: 300
+      }
+    };
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    console.log(`[MoltsPay] Sending BNB payment request...`);
+    const bnbRequestBody = options.rawData ? { service, ...params, chain: chainName } : { service, params, chain: chainName };
+    const paidRes = await fetch(executeUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Payment": paymentHeader
+      },
+      body: JSON.stringify(bnbRequestBody)
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "BNB payment failed");
+    }
+    this.recordSpending(amount);
+    console.log(`[MoltsPay] Success! BNB payment settled.`);
+    return result.result || result;
+  }
+  /**
+   * Handle Solana payment flow
+   * 
+   * Solana uses SPL token transfers with pay-for-success model:
+   * 1. Client creates and signs a transfer transaction
+   * 2. Server submits the transaction after service completes
+   */
+  async handleSolanaPayment(executeUrl, service, params, requirements, chain, options = {}) {
+    const solanaWallet = loadSolanaWallet(this.configDir);
+    if (!solanaWallet) {
+      throw new Error("No Solana wallet found. Run: npx moltspay init --chain solana_devnet");
+    }
+    const amount = Number(requirements.amount);
+    const amountUSDC = amount / 1e6;
+    this.checkLimits(amountUSDC);
+    console.log(`[MoltsPay] Creating Solana payment: $${amountUSDC} USDC`);
+    if (!requirements.payTo) {
+      throw new Error("Missing payTo address in payment requirements");
+    }
+    const solanaFeePayer = requirements.extra?.solanaFeePayer;
+    const feePayerPubkey = solanaFeePayer ? new import_web35.PublicKey(solanaFeePayer) : void 0;
+    if (feePayerPubkey) {
+      console.log(`[MoltsPay] Gasless mode: server pays fees`);
+    }
+    const recipientPubkey = new import_web35.PublicKey(requirements.payTo);
+    const transaction = await createSolanaPaymentTransaction(
+      solanaWallet.publicKey,
+      recipientPubkey,
+      BigInt(amount),
+      chain,
+      feePayerPubkey
+      // Optional fee payer for gasless mode
+    );
+    const unsignedBase64 = transaction.serialize({ requireAllSignatures: false, verifySignatures: false }).toString("base64");
+    const signedTx = await this.signer.signSolanaTransaction({
+      transactionBase64: unsignedBase64,
+      partialSign: !!feePayerPubkey
+    });
+    console.log(`[MoltsPay] Transaction signed, sending to server...`);
+    const network = chain === "solana" ? "solana:mainnet" : "solana:devnet";
+    const payload = {
+      x402Version: 2,
+      scheme: "exact",
+      network,
+      payload: {
+        signedTransaction: signedTx,
+        sender: solanaWallet.publicKey.toBase58(),
+        chain
+      },
+      accepted: {
+        scheme: "exact",
+        network,
+        asset: requirements.asset,
+        amount: requirements.amount,
+        payTo: requirements.payTo,
+        maxTimeoutSeconds: 300
+      }
+    };
+    const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
+    const solanaRequestBody = options.rawData ? { service, ...params, chain } : { service, params, chain };
+    const paidRes = await fetch(executeUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Payment": paymentHeader
+      },
+      body: JSON.stringify(solanaRequestBody)
+    });
+    const result = await paidRes.json();
+    if (!paidRes.ok) {
+      throw new Error(result.error || "Solana payment failed");
+    }
+    this.recordSpending(amountUSDC);
+    console.log(`[MoltsPay] Success! Solana payment settled.`);
+    if (result.payment?.transaction) {
+      const explorerUrl = chain === "solana" ? `https://solscan.io/tx/${result.payment.transaction}` : `https://solscan.io/tx/${result.payment.transaction}?cluster=devnet`;
+      console.log(`[MoltsPay] Transaction: ${explorerUrl}`);
+    }
+    return result.result || result;
+  }
+  /**
+   * Check ERC20 allowance for a spender
+   */
+  async checkAllowance(tokenAddress, spender, provider) {
+    const contract = new import_ethers2.ethers.Contract(
+      tokenAddress,
+      ["function allowance(address owner, address spender) view returns (uint256)"],
+      provider
+    );
+    return await contract.allowance(this.wallet.address, spender);
+  }
+  /**
+   * Sign EIP-3009 transferWithAuthorization (GASLESS)
+   * This only signs - no on-chain transaction, no gas needed.
+   * Supports both USDC and USDT.
+   *
+   * Delegates typed-data construction to `core/eip3009.ts` and the signature
+   * itself to `this.signer`. That way Web Client (Phase 4) can reuse the same
+   * flow with an EIP-1193 signer without duplicating typed-data layout.
+   */
+  async signEIP3009(to, amount, chain, token = "USDC", domainOverride) {
+    const tokenConfig = chain.tokens[token];
+    const value = BigInt(Math.floor(amount * 10 ** tokenConfig.decimals)).toString();
+    const nonce = import_ethers2.ethers.hexlify(import_ethers2.ethers.randomBytes(32));
+    const tokenName = domainOverride?.name || tokenConfig.eip712Name || (token === "USDC" ? "USD Coin" : "Tether USD");
+    const tokenVersion = domainOverride?.version || "2";
+    const envelope = buildEIP3009TypedData({
+      from: this.wallet.address,
+      to,
+      value,
+      nonce,
+      chainId: chain.chainId,
+      tokenAddress: tokenConfig.address,
+      tokenName,
+      tokenVersion
+    });
+    const signature = await this.signer.signTypedData(envelope);
+    return { authorization: envelope.message, signature };
+  }
+  /**
+   * Check spending limits
+   */
+  checkLimits(amount) {
+    if (amount > this.config.limits.maxPerTx) {
+      throw new Error(
+        `Amount $${amount} exceeds max per transaction ($${this.config.limits.maxPerTx})`
+      );
+    }
+    const today = (/* @__PURE__ */ new Date()).setHours(0, 0, 0, 0);
+    if (today > this.lastSpendingReset) {
+      this.todaySpending = 0;
+      this.lastSpendingReset = today;
+      this.saveSpending();
+    }
+    if (this.todaySpending + amount > this.config.limits.maxPerDay) {
+      throw new Error(
+        `Would exceed daily limit ($${this.todaySpending} + $${amount} > $${this.config.limits.maxPerDay})`
+      );
+    }
+  }
+  /**
+   * Record spending and persist to disk
+   */
+  recordSpending(amount) {
+    this.todaySpending += amount;
+    this.saveSpending();
+  }
+  // --- Config & Wallet Management ---
+  loadConfig() {
+    const configPath = (0, import_path2.join)(this.configDir, "config.json");
+    if ((0, import_fs2.existsSync)(configPath)) {
+      const content = (0, import_fs2.readFileSync)(configPath, "utf-8");
+      return { ...DEFAULT_CONFIG, ...JSON.parse(content) };
+    }
+    return { ...DEFAULT_CONFIG };
+  }
+  saveConfig() {
+    (0, import_fs2.mkdirSync)(this.configDir, { recursive: true });
+    const configPath = (0, import_path2.join)(this.configDir, "config.json");
+    (0, import_fs2.writeFileSync)(configPath, JSON.stringify(this.config, null, 2));
+  }
+  /**
+   * Load spending data from disk
+   */
+  loadSpending() {
+    const spendingPath = (0, import_path2.join)(this.configDir, "spending.json");
+    if ((0, import_fs2.existsSync)(spendingPath)) {
+      try {
+        const data = JSON.parse((0, import_fs2.readFileSync)(spendingPath, "utf-8"));
+        const today = (/* @__PURE__ */ new Date()).setHours(0, 0, 0, 0);
+        if (data.date && data.date === today) {
+          this.todaySpending = data.amount || 0;
+          this.lastSpendingReset = data.date;
+        } else {
+          this.todaySpending = 0;
+          this.lastSpendingReset = today;
+        }
+      } catch {
+        this.todaySpending = 0;
+        this.lastSpendingReset = (/* @__PURE__ */ new Date()).setHours(0, 0, 0, 0);
+      }
+    }
+  }
+  /**
+   * Save spending data to disk
+   */
+  saveSpending() {
+    (0, import_fs2.mkdirSync)(this.configDir, { recursive: true });
+    const spendingPath = (0, import_path2.join)(this.configDir, "spending.json");
+    const data = {
+      date: this.lastSpendingReset || (/* @__PURE__ */ new Date()).setHours(0, 0, 0, 0),
+      amount: this.todaySpending,
+      updatedAt: Date.now()
+    };
+    (0, import_fs2.writeFileSync)(spendingPath, JSON.stringify(data, null, 2));
+  }
+  loadWallet() {
+    const walletPath = (0, import_path2.join)(this.configDir, "wallet.json");
+    if ((0, import_fs2.existsSync)(walletPath)) {
+      if (process.platform !== "win32") {
+        try {
+          const stats = (0, import_fs2.statSync)(walletPath);
+          const mode = stats.mode & 511;
+          if (mode !== 384) {
+            console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
+            console.warn(`[MoltsPay] Fixing permissions to 0600...`);
+            (0, import_fs2.chmodSync)(walletPath, 384);
+          }
+        } catch {
+        }
+      }
+      const content = (0, import_fs2.readFileSync)(walletPath, "utf-8");
+      return JSON.parse(content);
+    }
+    return null;
+  }
+  /**
+   * Initialize a new wallet (called by CLI)
+   */
+  static init(configDir, options) {
+    (0, import_fs2.mkdirSync)(configDir, { recursive: true });
+    const wallet = import_ethers2.Wallet.createRandom();
+    const walletData = {
+      address: wallet.address,
+      privateKey: wallet.privateKey,
+      createdAt: Date.now()
+    };
+    const walletPath = (0, import_path2.join)(configDir, "wallet.json");
+    (0, import_fs2.writeFileSync)(walletPath, JSON.stringify(walletData, null, 2), { mode: 384 });
+    const config = {
+      chain: options.chain,
+      limits: {
+        maxPerTx: options.maxPerTx,
+        maxPerDay: options.maxPerDay
+      }
+    };
+    const configPath = (0, import_path2.join)(configDir, "config.json");
+    (0, import_fs2.writeFileSync)(configPath, JSON.stringify(config, null, 2));
+    return { address: wallet.address, configDir };
+  }
+  /**
+   * Get wallet balance (USDC, USDT, and native token) on default chain
+   */
+  async getBalance() {
+    if (!this.wallet) {
+      throw new Error("Client not initialized");
+    }
+    let chain;
+    try {
+      chain = getChain(this.config.chain);
+    } catch {
+      throw new Error(`Unknown chain: ${this.config.chain}`);
+    }
+    const provider = new import_ethers2.ethers.JsonRpcProvider(chain.rpc);
+    const tokenAbi = ["function balanceOf(address) view returns (uint256)"];
+    const [nativeBalance, usdcBalance, usdtBalance] = await Promise.all([
+      provider.getBalance(this.wallet.address),
+      new import_ethers2.ethers.Contract(chain.tokens.USDC.address, tokenAbi, provider).balanceOf(this.wallet.address),
+      new import_ethers2.ethers.Contract(chain.tokens.USDT.address, tokenAbi, provider).balanceOf(this.wallet.address)
+    ]);
+    return {
+      usdc: parseFloat(import_ethers2.ethers.formatUnits(usdcBalance, chain.tokens.USDC.decimals)),
+      usdt: parseFloat(import_ethers2.ethers.formatUnits(usdtBalance, chain.tokens.USDT.decimals)),
+      native: parseFloat(import_ethers2.ethers.formatEther(nativeBalance))
+    };
+  }
+  /**
+   * Get wallet balances on all supported chains (Base + Polygon + Tempo)
+   */
+  async getAllBalances() {
+    if (!this.wallet) {
+      throw new Error("Client not initialized");
+    }
+    const supportedChains = ["base", "polygon", "base_sepolia", "tempo_moderato", "bnb", "bnb_testnet"];
+    const tokenAbi = ["function balanceOf(address) view returns (uint256)"];
+    const results = {};
+    const tempoTokens = {
+      pathUSD: "0x20c0000000000000000000000000000000000000",
+      alphaUSD: "0x20c0000000000000000000000000000000000001",
+      betaUSD: "0x20c0000000000000000000000000000000000002",
+      thetaUSD: "0x20c0000000000000000000000000000000000003"
+    };
+    await Promise.all(
+      supportedChains.map(async (chainName) => {
+        try {
+          const chain = getChain(chainName);
+          const provider = new import_ethers2.ethers.JsonRpcProvider(chain.rpc);
+          if (chainName === "tempo_moderato") {
+            const [nativeBalance, pathUSD, alphaUSD, betaUSD, thetaUSD] = await Promise.all([
+              provider.getBalance(this.wallet.address),
+              new import_ethers2.ethers.Contract(tempoTokens.pathUSD, tokenAbi, provider).balanceOf(this.wallet.address),
+              new import_ethers2.ethers.Contract(tempoTokens.alphaUSD, tokenAbi, provider).balanceOf(this.wallet.address),
+              new import_ethers2.ethers.Contract(tempoTokens.betaUSD, tokenAbi, provider).balanceOf(this.wallet.address),
+              new import_ethers2.ethers.Contract(tempoTokens.thetaUSD, tokenAbi, provider).balanceOf(this.wallet.address)
+            ]);
+            results[chainName] = {
+              usdc: parseFloat(import_ethers2.ethers.formatUnits(pathUSD, 6)),
+              // pathUSD as default USDC
+              usdt: parseFloat(import_ethers2.ethers.formatUnits(alphaUSD, 6)),
+              // alphaUSD as default USDT
+              native: parseFloat(import_ethers2.ethers.formatEther(nativeBalance)),
+              tempo: {
+                pathUSD: parseFloat(import_ethers2.ethers.formatUnits(pathUSD, 6)),
+                alphaUSD: parseFloat(import_ethers2.ethers.formatUnits(alphaUSD, 6)),
+                betaUSD: parseFloat(import_ethers2.ethers.formatUnits(betaUSD, 6)),
+                thetaUSD: parseFloat(import_ethers2.ethers.formatUnits(thetaUSD, 6))
+              }
+            };
+          } else {
+            const [nativeBalance, usdcBalance, usdtBalance] = await Promise.all([
+              provider.getBalance(this.wallet.address),
+              new import_ethers2.ethers.Contract(chain.tokens.USDC.address, tokenAbi, provider).balanceOf(this.wallet.address),
+              new import_ethers2.ethers.Contract(chain.tokens.USDT.address, tokenAbi, provider).balanceOf(this.wallet.address)
+            ]);
+            results[chainName] = {
+              usdc: parseFloat(import_ethers2.ethers.formatUnits(usdcBalance, chain.tokens.USDC.decimals)),
+              usdt: parseFloat(import_ethers2.ethers.formatUnits(usdtBalance, chain.tokens.USDT.decimals)),
+              native: parseFloat(import_ethers2.ethers.formatEther(nativeBalance))
+            };
+          }
+        } catch (err2) {
+          results[chainName] = { usdc: 0, usdt: 0, native: 0 };
+        }
+      })
+    );
+    return results;
+  }
+  /**
+   * Pay for a service using MPP (Machine Payments Protocol)
+   * 
+   * This implements the MPP flow manually for EOA wallets:
+   * 1. Request service → get 402 with WWW-Authenticate
+   * 2. Parse payment requirements
+   * 3. Execute transfer on Tempo chain
+   * 4. Retry with transaction hash as credential
+   * 
+   * @param url - Full URL of the MPP-enabled endpoint
+   * @param options - Request options (body, headers)
+   * @returns Response from the service
+   */
+  async payWithMPP(url, options = {}) {
+    if (!this.wallet || !this.walletData) {
+      throw new Error("Client not initialized. Run: npx moltspay init");
+    }
+    const { privateKeyToAccount } = await import("viem/accounts");
+    const { createWalletClient, createPublicClient, http } = await import("viem");
+    const { tempoModerato } = await import("viem/chains");
+    const { Actions } = await import("viem/tempo");
+    const privateKey = this.walletData.privateKey;
+    const account = privateKeyToAccount(privateKey);
+    console.log(`[MoltsPay] Making MPP request to: ${url}`);
+    console.log(`[MoltsPay] Using account: ${account.address}`);
+    const initResponse = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...options.headers
+      },
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+    if (initResponse.status !== 402) {
+      if (initResponse.ok) {
+        return initResponse.json();
+      }
+      const errorText = await initResponse.text();
+      throw new Error(`Request failed (${initResponse.status}): ${errorText}`);
+    }
+    const wwwAuth = initResponse.headers.get("www-authenticate");
+    if (!wwwAuth || !wwwAuth.toLowerCase().includes("payment")) {
+      throw new Error("No WWW-Authenticate Payment challenge in 402 response");
+    }
+    console.log(`[MoltsPay] Got 402, parsing payment challenge...`);
+    const parseAuthParam = (header, key) => {
+      const match = header.match(new RegExp(`${key}="([^"]+)"`, "i"));
+      return match ? match[1] : null;
+    };
+    const challengeId = parseAuthParam(wwwAuth, "id");
+    const method = parseAuthParam(wwwAuth, "method");
+    const realm = parseAuthParam(wwwAuth, "realm");
+    const requestB64 = parseAuthParam(wwwAuth, "request");
+    if (method !== "tempo") {
+      throw new Error(`Unsupported payment method: ${method}`);
+    }
+    if (!requestB64) {
+      throw new Error("Missing request in WWW-Authenticate");
+    }
+    const requestJson = Buffer.from(requestB64, "base64").toString("utf-8");
+    const paymentRequest = JSON.parse(requestJson);
+    console.log(`[MoltsPay] Payment request:`, paymentRequest);
+    const { amount, currency, recipient, methodDetails } = paymentRequest;
+    const chainId = methodDetails?.chainId || 42431;
+    console.log(`[MoltsPay] Executing transfer on Tempo (chainId: ${chainId})...`);
+    console.log(`[MoltsPay] Amount: ${amount}, To: ${recipient}`);
+    const tempoChain = { ...tempoModerato, feeToken: currency };
+    const publicClient = createPublicClient({
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const walletClient = createWalletClient({
+      account,
+      chain: tempoChain,
+      transport: http("https://rpc.moderato.tempo.xyz")
+    });
+    const txHash = await Actions.token.transfer(walletClient, {
+      to: recipient,
+      amount: BigInt(amount),
+      token: currency
+    });
+    console.log(`[MoltsPay] Transaction sent: ${txHash}`);
+    console.log(`[MoltsPay] Waiting for confirmation...`);
+    await publicClient.waitForTransactionReceipt({ hash: txHash });
+    console.log(`[MoltsPay] Transaction confirmed!`);
+    const challenge = {
+      id: challengeId,
+      realm,
+      method: "tempo",
+      intent: "charge",
+      request: paymentRequest
+    };
+    const credential = {
+      challenge,
+      payload: { hash: txHash, type: "hash" },
+      source: `did:pkh:eip155:${chainId}:${account.address}`
+    };
+    const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    console.log(`[MoltsPay] Retrying with payment credential...`);
+    const paidResponse = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Payment ${credentialB64}`,
+        ...options.headers
+      },
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+    if (!paidResponse.ok) {
+      const errorText = await paidResponse.text();
+      throw new Error(`Payment verification failed (${paidResponse.status}): ${errorText}`);
+    }
+    console.log(`[MoltsPay] Payment verified! Service completed.`);
+    return paidResponse.json();
+  }
+};
+
+// src/mcp/server.ts
+var CHAIN_NAMES = [
+  ...Object.keys(CHAINS),
+  ...Object.keys(SOLANA_CHAINS)
+];
+var TOKEN_SYMBOLS = ["USDC", "USDT"];
+function ok(payload) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(payload, null, 2) }]
+  };
+}
+function err(message) {
+  return {
+    isError: true,
+    content: [{ type: "text", text: `Error: ${message}` }]
+  };
+}
+function errorMessage(e) {
+  return e instanceof Error ? e.message : String(e);
+}
+function wrap(fn) {
+  return async (args) => {
+    try {
+      return await fn(args);
+    } catch (e) {
+      return err(errorMessage(e));
+    }
+  };
+}
+function getPackageVersion() {
+  const candidates = [
+    (0, import_path3.join)(__dirname, "../../package.json"),
+    (0, import_path3.join)(__dirname, "../package.json"),
+    (0, import_path3.join)(process.cwd(), "node_modules/moltspay/package.json")
+  ];
+  for (const loc of candidates) {
+    try {
+      if ((0, import_fs3.existsSync)(loc)) {
+        const pkg = JSON.parse((0, import_fs3.readFileSync)(loc, "utf-8"));
+        if (pkg.name === "moltspay") return pkg.version;
+      }
+    } catch {
+    }
+  }
+  return "0.0.0";
+}
+function createMoltsPayMcpServer(options = {}) {
+  const client = new MoltsPayClient({ configDir: options.configDir });
+  if (!client.isInitialized) {
+    throw new Error(
+      "MoltsPay wallet not found. Run `moltspay init` before starting the MCP server."
+    );
+  }
+  const dryRun = options.dryRun === true;
+  const requireConfirm = process.env.MOLTSPAY_MCP_REQUIRE_CONFIRM === "1";
+  const server = new import_mcp.McpServer({
+    name: "moltspay",
+    version: getPackageVersion()
+  });
+  server.registerTool(
+    "moltspay_status",
+    {
+      title: "Wallet Status",
+      description: "Return the MoltsPay wallet address, balances across all supported chains, and current spending limits.",
+      inputSchema: {},
+      annotations: { readOnlyHint: true, openWorldHint: true }
+    },
+    wrap(async () => {
+      const config = client.getConfig();
+      const balances = await client.getAllBalances();
+      return ok({
+        address: client.address,
+        defaultChain: config.chain,
+        balances,
+        limits: config.limits
+      });
+    })
+  );
+  server.registerTool(
+    "moltspay_services",
+    {
+      title: "List Provider Services",
+      description: "Fetch the services manifest from a MoltsPay provider URL (e.g. https://moltspay.com/a/zen7). Returns service IDs, prices, input schemas, and accepted chains.",
+      inputSchema: {
+        url: import_zod.z.url().describe("Provider base URL."),
+        maxPrice: import_zod.z.number().positive().optional().describe("Only return services priced at or below this amount."),
+        query: import_zod.z.string().optional().describe("Case-insensitive substring match on service id / name / description.")
+      },
+      annotations: { readOnlyHint: true, openWorldHint: true }
+    },
+    wrap(async ({ url, maxPrice, query }) => {
+      const res = await client.getServices(url);
+      let services = res.services ?? [];
+      if (typeof maxPrice === "number") {
+        services = services.filter((s) => typeof s.price !== "number" || s.price <= maxPrice);
+      }
+      if (query) {
+        const q = query.toLowerCase();
+        services = services.filter(
+          (s) => [s.id, s.name, s.description].some((f) => f?.toLowerCase().includes(q))
+        );
+      }
+      return ok({ provider: res.provider, services });
+    })
+  );
+  server.registerTool(
+    "moltspay_pay",
+    {
+      title: "Pay For Service",
+      description: "Execute an x402/MPP/SOL/BNB payment and call a provider service. Honors SDK-level spending limits. When MOLTSPAY_MCP_REQUIRE_CONFIRM=1, the caller must pass confirmed: true.",
+      inputSchema: {
+        url: import_zod.z.url().describe("Provider base URL."),
+        service: import_zod.z.string().min(1).describe("Service id from moltspay_services."),
+        params: import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).describe("Service parameters. Wrapped as { params } unless rawData is true."),
+        chain: import_zod.z.enum(CHAIN_NAMES).optional().describe("Chain to pay on. Required unless the provider only accepts one chain."),
+        token: import_zod.z.enum(TOKEN_SYMBOLS).optional().describe("Token symbol. Default USDC."),
+        rawData: import_zod.z.boolean().optional().describe("Send params at top level instead of wrapped in { params }."),
+        confirmed: import_zod.z.boolean().optional().describe("Required when MOLTSPAY_MCP_REQUIRE_CONFIRM=1 is set on the server.")
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
+    },
+    wrap(async ({ url, service, params, chain, token, rawData, confirmed }) => {
+      if (dryRun) {
+        return ok({
+          dryRun: true,
+          message: "Dry-run mode: no payment will be executed. Inspect moltspay_services for prices.",
+          intent: { url, service, params, chain, token, rawData }
+        });
+      }
+      if (requireConfirm && confirmed !== true) {
+        return err(
+          "Confirmation required: server was started with MOLTSPAY_MCP_REQUIRE_CONFIRM=1. Re-call with confirmed: true after reviewing the price via moltspay_services."
+        );
+      }
+      const result = await client.pay(url, service, params, { chain, token, rawData });
+      return ok({ success: true, result });
+    })
+  );
+  server.registerTool(
+    "moltspay_config",
+    {
+      title: "Wallet Config",
+      description: "Read or update MoltsPay wallet spending limits (maxPerTx, maxPerDay). Pass no arguments to read.",
+      inputSchema: {
+        maxPerTx: import_zod.z.number().positive().optional().describe("New per-transaction USD limit."),
+        maxPerDay: import_zod.z.number().positive().optional().describe("New daily USD limit.")
+      },
+      annotations: { readOnlyHint: false, idempotentHint: true, openWorldHint: false }
+    },
+    wrap(async ({ maxPerTx, maxPerDay }) => {
+      if (maxPerTx !== void 0 || maxPerDay !== void 0) {
+        client.updateConfig({ maxPerTx, maxPerDay });
+      }
+      const config = client.getConfig();
+      return ok({
+        address: client.address,
+        defaultChain: config.chain,
+        limits: config.limits
+      });
+    })
+  );
+  return server;
+}
+
+// src/mcp/index.ts
+if (!globalThis.crypto) {
+  globalThis.crypto = import_crypto.webcrypto;
+}
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  let dryRun = false;
+  let configDir;
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i];
+    if (a === "--dry-run") {
+      dryRun = true;
+    } else if (a === "--config-dir") {
+      const next = args[i + 1];
+      if (!next || next.startsWith("--")) {
+        throw new Error("--config-dir requires a path argument");
+      }
+      configDir = next;
+      i++;
+    } else {
+      throw new Error(`Unknown argument: ${a}`);
+    }
+  }
+  return { dryRun, configDir };
+}
+async function main() {
+  const { dryRun, configDir } = parseArgs(process.argv);
+  const server = createMoltsPayMcpServer({ dryRun, configDir });
+  const transport = new import_stdio.StdioServerTransport();
+  await server.connect(transport);
+  process.stderr.write(`moltspay-mcp ready${dryRun ? " (dry-run)" : ""}
+`);
+}
+main().catch((e) => {
+  process.stderr.write(
+    `moltspay-mcp failed to start: ${e instanceof Error ? e.message : String(e)}
+`
+  );
+  process.exit(1);
+});
+//# sourceMappingURL=index.js.map