safehands-pharos 1.2.0 → 1.2.3

package/dist/tools/tokenRegistryStatus.d.ts

@@ -0,0 +1,27 @@
+import { z } from "zod";
+import { type ToolResponse } from "../lib/toolResponse.js";
+export declare const tokenRegistryStatusSchema: z.ZodObject<{
+    token: z.ZodOptional<z.ZodString>;
+    tokenAddress: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    token?: string | undefined;
+    tokenAddress?: string | undefined;
+}, {
+    token?: string | undefined;
+    tokenAddress?: string | undefined;
+}>;
+export type TokenRegistryStatusInput = z.input<typeof tokenRegistryStatusSchema>;
+export type TokenRegistryStatusValue = "CANONICAL_TESTNET_TOKEN" | "SKILL_ENGINE_CANONICAL_TOKEN" | "ALTERNATE_SOURCE_TOKEN" | "CUSTOM_NON_REGISTRY" | "UNKNOWN" | "INVALID_ADDRESS";
+export declare function classifyTokenRegistryStatus(token: string): {
+    input: string;
+    normalizedAddress: any;
+    symbol: any;
+    status: TokenRegistryStatusValue;
+    verificationStatus: any;
+    docsSource: any;
+    chainId: number;
+    environment: string;
+    isMainnet: boolean;
+};
+export declare function handleTokenRegistryStatus(raw: TokenRegistryStatusInput): Promise<ToolResponse<unknown>>;
+//# sourceMappingURL=tokenRegistryStatus.d.ts.map

package/dist/tools/tokenRegistryStatus.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenRegistryStatus.d.ts","sourceRoot":"","sources":["../../src/tools/tokenRegistryStatus.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAM,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAG/D,eAAO,MAAM,yBAAyB;;;;;;;;;EAGpC,CAAC;AAEH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAEjF,MAAM,MAAM,wBAAwB,GAChC,yBAAyB,GACzB,8BAA8B,GAC9B,wBAAwB,GACxB,qBAAqB,GACrB,SAAS,GACT,iBAAiB,CAAC;AAQtB,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,MAAM;;;;;;;;;;EA2ExD;AAED,wBAAsB,yBAAyB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAG7G"}

package/dist/tools/tokenRegistryStatus.js

@@ -0,0 +1,97 @@
+// ─── Tool: token_registry_status ───────────────────────────────────────
+// Classify exact token addresses without silently replacing user input.
+// The official Pharos Skill Engine (pharos-skill-engine-0.1.0)
+// assets/tokens.json lists 0xE0BE... as USDC for atlantic-testnet.
+// ───────────────────────────────────────────────────────────────────────
+import { z } from "zod";
+import { getAddress, isAddress } from "viem";
+import { ok } from "../lib/toolResponse.js";
+import { TOKEN_REGISTRY, CIRCLE_USDC_ADDRESS, CHAIN_ID, PHAROS_ENVIRONMENT } from "../lib/constants.js";
+export const tokenRegistryStatusSchema = z.object({
+    token: z.string().optional().describe("Token symbol or exact contract address to classify"),
+    tokenAddress: z.string().optional().describe("Exact token contract address to classify"),
+});
+function deriveStatus(match) {
+    if (match.verificationStatus === "DOCS_VERIFIED_FROM_PHAROS_SKILL_ENGINE")
+        return "SKILL_ENGINE_CANONICAL_TOKEN";
+    if (match.verificationStatus === "CIRCLE_REFERENCED_USDC")
+        return "ALTERNATE_SOURCE_TOKEN";
+    return "CANONICAL_TESTNET_TOKEN";
+}
+export function classifyTokenRegistryStatus(token) {
+    const raw = token.trim();
+    const upper = raw.toUpperCase();
+    const bySymbol = TOKEN_REGISTRY[upper];
+    if (bySymbol) {
+        return {
+            input: token,
+            normalizedAddress: bySymbol.address,
+            symbol: bySymbol.symbol,
+            status: deriveStatus(bySymbol),
+            verificationStatus: bySymbol.verificationStatus || (bySymbol.isCanonical ? "PROJECT_CONFIGURED" : "UNVERIFIED_CONFIG_VALUE"),
+            docsSource: bySymbol.docsSource || "project constants",
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+        };
+    }
+    if (!isAddress(raw)) {
+        return {
+            input: token,
+            normalizedAddress: null,
+            symbol: null,
+            status: "INVALID_ADDRESS",
+            verificationStatus: "INVALID_ADDRESS",
+            docsSource: null,
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+        };
+    }
+    const checksum = getAddress(raw);
+    const entries = Object.values(TOKEN_REGISTRY);
+    const match = entries.find((t) => t.address.toLowerCase() === checksum.toLowerCase());
+    if (match) {
+        return {
+            input: token,
+            normalizedAddress: checksum,
+            symbol: match.symbol,
+            status: deriveStatus(match),
+            verificationStatus: match.verificationStatus || "PROJECT_CONFIGURED",
+            docsSource: match.docsSource || "project constants",
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+        };
+    }
+    // Check if it's the Circle USDC address directly (even if not primary)
+    if (checksum.toLowerCase() === CIRCLE_USDC_ADDRESS.toLowerCase()) {
+        return {
+            input: token,
+            normalizedAddress: checksum,
+            symbol: "CIRCLE_USDC",
+            status: "ALTERNATE_SOURCE_TOKEN",
+            verificationStatus: "CIRCLE_REFERENCED_USDC",
+            docsSource: "https://developers.circle.com/stablecoins/usdc-contract-addresses",
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+        };
+    }
+    return {
+        input: token,
+        normalizedAddress: checksum,
+        symbol: null,
+        status: "CUSTOM_NON_REGISTRY",
+        verificationStatus: "UNVERIFIED_CUSTOM_TOKEN",
+        docsSource: null,
+        chainId: CHAIN_ID,
+        environment: PHAROS_ENVIRONMENT,
+        isMainnet: false,
+    };
+}
+export async function handleTokenRegistryStatus(raw) {
+    const input = tokenRegistryStatusSchema.parse(raw);
+    return ok(classifyTokenRegistryStatus(input.tokenAddress || input.token || ""));
+}
+//# sourceMappingURL=tokenRegistryStatus.js.map

package/dist/tools/tokenRegistryStatus.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenRegistryStatus.js","sourceRoot":"","sources":["../../src/tools/tokenRegistryStatus.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,wEAAwE;AACxE,+DAA+D;AAC/D,mEAAmE;AACnE,0EAA0E;AAE1E,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC7C,OAAO,EAAE,EAAE,EAAqB,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAExG,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;IAC3F,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;CACzF,CAAC,CAAC;AAYH,SAAS,YAAY,CAAC,KAAU;IAC9B,IAAI,KAAK,CAAC,kBAAkB,KAAK,wCAAwC;QAAE,OAAO,8BAA8B,CAAC;IACjH,IAAI,KAAK,CAAC,kBAAkB,KAAK,wBAAwB;QAAE,OAAO,wBAAwB,CAAC;IAC3F,OAAO,yBAAyB,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,KAAa;IACvD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACzB,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAI,cAAsC,CAAC,KAAK,CAAC,CAAC;IAChE,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,iBAAiB,EAAE,QAAQ,CAAC,OAAO;YACnC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC;YAC9B,kBAAkB,EAAE,QAAQ,CAAC,kBAAkB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,yBAAyB,CAAC;YAC5H,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,mBAAmB;YACtD,OAAO,EAAE,QAAQ;YACjB,WAAW,EAAE,kBAAkB;YAC/B,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QACpB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,iBAAiB,EAAE,IAAI;YACvB,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,iBAA6C;YACrD,kBAAkB,EAAE,iBAAiB;YACrC,UAAU,EAAE,IAAI;YAChB,OAAO,EAAE,QAAQ;YACjB,WAAW,EAAE,kBAAkB;YAC/B,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,cAAqC,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,IAAI,KAAK,EAAE,CAAC;QACV,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,iBAAiB,EAAE,QAAQ;YAC3B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC;YAC3B,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,IAAI,oBAAoB;YACpE,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,mBAAmB;YACnD,OAAO,EAAE,QAAQ;YACjB,WAAW,EAAE,kBAAkB;YAC/B,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,IAAI,QAAQ,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAAC,WAAW,EAAE,EAAE,CAAC;QACjE,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,iBAAiB,EAAE,QAAQ;YAC3B,MAAM,EAAE,aAAa;YACrB,MAAM,EAAE,wBAAoD;YAC5D,kBAAkB,EAAE,wBAAwB;YAC5C,UAAU,EAAE,mEAAmE;YAC/E,OAAO,EAAE,QAAQ;YACjB,WAAW,EAAE,kBAAkB;YAC/B,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,iBAAiB,EAAE,QAAQ;QAC3B,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,qBAAiD;QACzD,kBAAkB,EAAE,yBAAyB;QAC7C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,QAAQ;QACjB,WAAW,EAAE,kBAAkB;QAC/B,SAAS,EAAE,KAAK;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,GAA6B;IAC3E,MAAM,KAAK,GAAG,yBAAyB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,OAAO,EAAE,CAAC,2BAA2B,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;AAClF,CAAC"}

package/dist/tools/x402PayAndFetch.d.ts

@@ -4,16 +4,22 @@ export declare const x402PayAndFetchSchema: z.ZodObject<{
     method: z.ZodDefault<z.ZodOptional<z.ZodEnum<["GET", "POST", "PUT", "DELETE"]>>>;
     body: z.ZodOptional<z.ZodString>;
     rpcUrl: z.ZodOptional<z.ZodString>;
+    agentId: z.ZodOptional<z.ZodString>;
+    maxPaymentUsdc: z.ZodDefault<z.ZodOptional<z.ZodString>>;
 }, "strip", z.ZodTypeAny, {
-    method: "GET" | "POST" | "PUT" | "DELETE";
     url: string;
+    method: "GET" | "POST" | "PUT" | "DELETE";
+    maxPaymentUsdc: string;
     body?: string | undefined;
+    agentId?: string | undefined;
     rpcUrl?: string | undefined;
 }, {
     url: string;
     body?: string | undefined;
     method?: "GET" | "POST" | "PUT" | "DELETE" | undefined;
+    agentId?: string | undefined;
     rpcUrl?: string | undefined;
+    maxPaymentUsdc?: string | undefined;
 }>;
 export type X402PayAndFetchInput = z.input<typeof x402PayAndFetchSchema>;
 export declare const x402PayAndFetchTool: {
@@ -24,35 +30,53 @@ export declare const x402PayAndFetchTool: {
         method: z.ZodDefault<z.ZodOptional<z.ZodEnum<["GET", "POST", "PUT", "DELETE"]>>>;
         body: z.ZodOptional<z.ZodString>;
         rpcUrl: z.ZodOptional<z.ZodString>;
+        agentId: z.ZodOptional<z.ZodString>;
+        maxPaymentUsdc: z.ZodDefault<z.ZodOptional<z.ZodString>>;
     }, "strip", z.ZodTypeAny, {
-        method: "GET" | "POST" | "PUT" | "DELETE";
         url: string;
+        method: "GET" | "POST" | "PUT" | "DELETE";
+        maxPaymentUsdc: string;
         body?: string | undefined;
+        agentId?: string | undefined;
         rpcUrl?: string | undefined;
     }, {
         url: string;
         body?: string | undefined;
         method?: "GET" | "POST" | "PUT" | "DELETE" | undefined;
+        agentId?: string | undefined;
         rpcUrl?: string | undefined;
+        maxPaymentUsdc?: string | undefined;
     }>;
 };
-export declare function handleX402PayAndFetch(raw: X402PayAndFetchInput): Promise<{
-    success: boolean;
+export declare function handleX402PayAndFetch(raw: X402PayAndFetchInput): Promise<import("../lib/toolResponse.js").ToolFailure | import("../lib/toolResponse.js").ToolSuccess<{
     status: number;
     statusText: string;
-    data: any;
+    data: unknown;
+    paymentExecuted: boolean;
+    paymentDetails: null;
+    chainId: number;
+    environment: string;
+    isMainnet: boolean;
+    policy: import("../lib/policy/actionPolicyEngine.js").ActionPolicyResult;
+    source: string;
+}> | import("../lib/toolResponse.js").ToolSuccess<{
+    status: number;
+    statusText: string;
+    data: unknown;
     paymentExecuted: boolean;
     paymentDetails: {
-        header: string;
+        headerRedacted: boolean;
+        note: string;
     } | null;
-    error?: undefined;
-} | {
-    success: boolean;
-    error: string;
-    status?: undefined;
-    statusText?: undefined;
-    data?: undefined;
-    paymentExecuted?: undefined;
-    paymentDetails?: undefined;
-}>;
+    signerMode: import("../lib/signer/index.js").SignerMode;
+    walletAddress: `0x${string}`;
+    paymentToken: `0x${string}`;
+    maxPaymentUsdc: string;
+    chainId: number;
+    environment: string;
+    isMainnet: boolean;
+    policy: import("../lib/policy/actionPolicyEngine.js").ActionPolicyResult;
+    testnetPayment: boolean;
+    source: string;
+}>>;
 //# sourceMappingURL=x402PayAndFetch.d.ts.map

package/dist/tools/x402PayAndFetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"x402PayAndFetch.d.ts","sourceRoot":"","sources":["../../src/tools/x402PayAndFetch.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;EAKhC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEzE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;CAM/B,CAAC;AAEF,wBAAsB,qBAAqB,CAAC,GAAG,EAAE,oBAAoB;;;;;;;;;;;;;;;;;;GAoEpE"}
+{"version":3,"file":"x402PayAndFetch.d.ts","sourceRoot":"","sources":["../../src/tools/x402PayAndFetch.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AASxB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;EAOhC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEzE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;CAM/B,CAAC;AA0BF,wBAAsB,qBAAqB,CAAC,GAAG,EAAE,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0HpE"}

package/dist/tools/x402PayAndFetch.js

@@ -1,82 +1,150 @@
 // ─── Tool: x402_pay_and_fetch ─────────────────────────────────────────────
 // Enables an agent to fetch protected resources from an x402 server.
-// Automatically executes the payment challenge when HTTP 402 is returned.
+// Automatically executes the payment challenge only after HTTP 402 is returned.
 // ─────────────────────────────────────────────────────────────────────────
 import { z } from "zod";
 import { wrapFetchWithPayment, x402Client } from "@x402/fetch";
 import { registerExactEvmScheme } from "@x402/evm/exact/client";
-import { privateKeyToAccount } from "viem/accounts";
+import { CHAIN_ID, PHAROS_ENVIRONMENT, RPC_URL, MAX_X402_PAYMENT_USDC, X402_PAYMENT_TOKEN_ADDRESS } from "../lib/constants.js";
+import { assertSafeFetchUrl, fetchWithTimeoutAndRetry } from "../lib/http.js";
+import { fail, ok } from "../lib/toolResponse.js";
+import { getSigner, isSignerFailure } from "../lib/signer/index.js";
+import { evaluateActionPolicy } from "../lib/policy/actionPolicyEngine.js";
 export const x402PayAndFetchSchema = z.object({
     url: z.string().describe("Target URL of the protected resource requiring x402 payment"),
     method: z.enum(["GET", "POST", "PUT", "DELETE"]).optional().default("GET").describe("HTTP method to use"),
     body: z.string().optional().describe("Optional stringified JSON request body"),
     rpcUrl: z.string().optional().describe("Custom RPC URL for payment verification (defaults to Atlantic Testnet RPC)"),
+    agentId: z.string().optional().describe("Managed testnet wallet agentId when WALLET_MODE=managed-testnet"),
+    maxPaymentUsdc: z.string().optional().default(MAX_X402_PAYMENT_USDC),
 });
 export const x402PayAndFetchTool = {
     name: "x402_pay_and_fetch",
     description: "Fetch resources from an HTTP x402 payment-gated server. " +
-        "If the server challenges with HTTP 402, this tool automatically signs the required payment payload and completes the fetch.",
+        "If the server challenges with HTTP 402, this tool signs the required testnet payment payload and completes the fetch.",
     inputSchema: x402PayAndFetchSchema,
 };
-export async function handleX402PayAndFetch(raw) {
-    const privateKey = process.env.PRIVATE_KEY;
-    if (!privateKey)
-        throw new Error("Missing PRIVATE_KEY in environment variables.");
-    const input = x402PayAndFetchSchema.parse(raw);
-    const pk = privateKey;
-    if (!pk) {
-        throw new Error("Private key is required to execute x402 payments.");
+async function readResponseBody(res) {
+    const contentType = res.headers.get("content-type") || "";
+    if (contentType.includes("application/json")) {
+        try {
+            return await res.json();
+        }
+        catch {
+            return null;
+        }
     }
-    const rpc = input.rpcUrl || process.env.PHAROS_RPC_URL || "https://atlantic.dplabs-internal.com/";
-    // 1. Initialize EVM Account
-    const signer = privateKeyToAccount(pk);
-    // 2. Setup x402 client
-    const client = new x402Client();
-    registerExactEvmScheme(client, {
-        signer,
-        schemeOptions: {
-            688689: { rpcUrl: rpc },
-        },
-    });
-    // 3. Wrap fetch
-    const fetchWithPayment = wrapFetchWithPayment(fetch, client);
-    // 4. Perform the request
+    return await res.text();
+}
+function buildFetchOptions(input) {
     const fetchOptions = {
         method: input.method,
         headers: {
             "Content-Type": "application/json",
         },
     };
-    if (input.body) {
+    if (input.body)
         fetchOptions.body = input.body;
+    return fetchOptions;
+}
+export async function handleX402PayAndFetch(raw) {
+    const input = x402PayAndFetchSchema.parse(raw);
+    try {
+        await assertSafeFetchUrl(input.url);
+    }
+    catch (err) {
+        return fail("SSRF_BLOCKED", err instanceof Error ? err.message.replace(/^SSRF_BLOCKED:\s*/, "") : String(err), false, "x402_pay_and_fetch");
+    }
+    const staticPolicy = evaluateActionPolicy({
+        actionType: "x402_pay_and_fetch",
+        url: input.url,
+        paymentAmountUsdc: input.maxPaymentUsdc,
+        paymentTokenAddress: X402_PAYMENT_TOKEN_ADDRESS,
+        chainId: CHAIN_ID,
+        environment: PHAROS_ENVIRONMENT,
+        isMainnet: false,
+    });
+    if (staticPolicy.decision === "BLOCK") {
+        return fail("POLICY_BLOCKED", staticPolicy.reasons.join(" ") || "x402 request blocked by SafeHands policy.", false, "x402_pay_and_fetch");
     }
+    const fetchOptions = buildFetchOptions(input);
     try {
-        const res = await fetchWithPayment(input.url, fetchOptions);
-        const contentType = res.headers.get("content-type") || "";
-        let responseData;
-        if (contentType.includes("application/json")) {
-            responseData = await res.json();
+        const initial = await fetchWithTimeoutAndRetry(input.url, {
+            ...fetchOptions,
+            timeoutMs: 10_000,
+            retries: 1,
+            retryDelayMs: 250,
+        });
+        if (initial.status !== 402) {
+            const data = await readResponseBody(initial);
+            return ok({
+                status: initial.status,
+                statusText: initial.statusText,
+                data,
+                paymentExecuted: false,
+                paymentDetails: null,
+                chainId: CHAIN_ID,
+                environment: PHAROS_ENVIRONMENT,
+                isMainnet: false,
+                policy: staticPolicy,
+                source: "x402_fetch",
+            });
+        }
+        const signer = await getSigner(input.agentId, { purpose: "x402" });
+        if (isSignerFailure(signer)) {
+            return fail("X402_PAYMENT_REQUIRED", `The resource returned HTTP 402, but no safe x402 signer is available: ${signer.error.message}`, false, "x402_pay_and_fetch");
         }
-        else {
-            responseData = await res.text();
+        const paymentPolicy = evaluateActionPolicy({
+            actionType: "x402_pay_and_fetch",
+            url: input.url,
+            paymentAmountUsdc: input.maxPaymentUsdc,
+            paymentTokenAddress: X402_PAYMENT_TOKEN_ADDRESS,
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+            signerAvailable: true,
+            requiresSigner: true,
+        });
+        if (paymentPolicy.decision === "BLOCK") {
+            return fail("POLICY_BLOCKED", paymentPolicy.reasons.join(" ") || "x402 payment blocked by SafeHands policy.", false, "x402_pay_and_fetch");
         }
-        const paymentResponseHeader = res.headers.get("PAYMENT-RESPONSE");
-        return {
-            success: res.ok,
-            status: res.status,
-            statusText: res.statusText,
-            data: responseData,
+        const rpc = input.rpcUrl || process.env.PHAROS_RPC_URL || RPC_URL;
+        const client = new x402Client();
+        registerExactEvmScheme(client, {
+            signer: signer.account,
+            schemeOptions: {
+                [CHAIN_ID]: { rpcUrl: rpc },
+            },
+        });
+        const fetchWithPayment = wrapFetchWithPayment(fetch, client);
+        const paidResponse = await fetchWithPayment(input.url, fetchOptions);
+        const data = await readResponseBody(paidResponse);
+        const paymentResponseHeader = paidResponse.headers.get("PAYMENT-RESPONSE");
+        return ok({
+            status: paidResponse.status,
+            statusText: paidResponse.statusText,
+            data,
             paymentExecuted: !!paymentResponseHeader,
-            paymentDetails: paymentResponseHeader ? {
-                header: paymentResponseHeader,
-            } : null,
-        };
+            paymentDetails: paymentResponseHeader
+                ? {
+                    headerRedacted: true,
+                    note: "PAYMENT-RESPONSE header was present but intentionally not exposed to avoid leaking signed payment data.",
+                }
+                : null,
+            signerMode: signer.mode,
+            walletAddress: signer.address,
+            paymentToken: X402_PAYMENT_TOKEN_ADDRESS,
+            maxPaymentUsdc: input.maxPaymentUsdc,
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+            policy: paymentPolicy,
+            testnetPayment: true,
+            source: "x402_fetch",
+        });
     }
     catch (err) {
-        return {
-            success: false,
-            error: `x402 fetch failed: ${err.message}`,
-        };
+        return fail("X402_PAYMENT_FAILED", err instanceof Error ? err.message : String(err), true, "x402_pay_and_fetch");
     }
 }
 //# sourceMappingURL=x402PayAndFetch.js.map

package/dist/tools/x402PayAndFetch.js.map

@@ -1 +1 @@
-{"version":3,"file":"x402PayAndFetch.js","sourceRoot":"","sources":["../../src/tools/x402PayAndFetch.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,qEAAqE;AACrE,0EAA0E;AAC1E,4EAA4E;AAE5E,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEpD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACzG,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;IAC9E,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4EAA4E,CAAC;CACrH,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EACT,0DAA0D;QAC1D,6HAA6H;IAC/H,WAAW,EAAE,qBAAqB;CACnC,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAyB;IACnE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IAClF,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE/C,MAAM,EAAE,GAAG,UAAU,CAAC;IACtB,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,uCAAuC,CAAC;IAElG,4BAA4B;IAC5B,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAmB,CAAC,CAAC;IAExD,uBAAuB;IACvB,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;IAChC,sBAAsB,CAAC,MAAM,EAAE;QAC7B,MAAM;QACN,aAAa,EAAE;YACb,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE;SACxB;KACF,CAAC,CAAC;IAEH,gBAAgB;IAChB,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAE7D,yBAAyB;IACzB,MAAM,YAAY,GAAgB;QAChC,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC;IAEF,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,YAAY,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IACjC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC5D,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QAE1D,IAAI,YAAiB,CAAC;QACtB,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC7C,YAAY,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,qBAAqB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAElE,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,EAAE;YACf,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,IAAI,EAAE,YAAY;YAClB,eAAe,EAAE,CAAC,CAAC,qBAAqB;YACxC,cAAc,EAAE,qBAAqB,CAAC,CAAC,CAAC;gBACtC,MAAM,EAAE,qBAAqB;aAC9B,CAAC,CAAC,CAAC,IAAI;SACT,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,sBAAsB,GAAG,CAAC,OAAO,EAAE;SAC3C,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"x402PayAndFetch.js","sourceRoot":"","sources":["../../src/tools/x402PayAndFetch.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,qEAAqE;AACrE,gFAAgF;AAChF,4EAA4E;AAE5E,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,EAAE,OAAO,EAAE,qBAAqB,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAC/H,OAAO,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAE3E,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACzG,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;IAC9E,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4EAA4E,CAAC;IACpH,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iEAAiE,CAAC;IAC1G,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,qBAAqB,CAAC;CACrE,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EACT,0DAA0D;QAC1D,uHAAuH;IACzH,WAAW,EAAE,qBAAqB;CACnC,CAAC;AAEF,KAAK,UAAU,gBAAgB,CAAC,GAAa;IAC3C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAC1D,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA4C;IACrE,MAAM,YAAY,GAAgB;QAChC,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC;IAEF,IAAI,KAAK,CAAC,IAAI;QAAE,YAAY,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IAC/C,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAyB;IACnE,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE/C,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CACT,cAAc,EACd,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EACjF,KAAK,EACL,oBAAoB,CACrB,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,oBAAoB,CAAC;QACxC,UAAU,EAAE,oBAAoB;QAChC,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,iBAAiB,EAAE,KAAK,CAAC,cAAc;QACvC,mBAAmB,EAAE,0BAA0B;QAC/C,OAAO,EAAE,QAAQ;QACjB,WAAW,EAAE,kBAAkB;QAC/B,SAAS,EAAE,KAAK;KACjB,CAAC,CAAC;IACH,IAAI,YAAY,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,2CAA2C,EAAE,KAAK,EAAE,oBAAoB,CAAC,CAAC;IAC5I,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,GAAG,EAAE;YACxD,GAAG,YAAY;YACf,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,CAAC;YACV,YAAY,EAAE,GAAG;SAClB,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC7C,OAAO,EAAE,CAAC;gBACR,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,IAAI;gBACJ,eAAe,EAAE,KAAK;gBACtB,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,QAAQ;gBACjB,WAAW,EAAE,kBAAkB;gBAC/B,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACnE,IAAI,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CACT,uBAAuB,EACvB,yEAAyE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAC/F,KAAK,EACL,oBAAoB,CACrB,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC;YACzC,UAAU,EAAE,oBAAoB;YAChC,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,iBAAiB,EAAE,KAAK,CAAC,cAAc;YACvC,mBAAmB,EAAE,0BAA0B;YAC/C,OAAO,EAAE,QAAQ;YACjB,WAAW,EAAE,kBAAkB;YAC/B,SAAS,EAAE,KAAK;YAChB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,IAAI,aAAa,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,2CAA2C,EAAE,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC7I,CAAC;QAED,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;QAClE,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAChC,sBAAsB,CAAC,MAAM,EAAE;YAC7B,MAAM,EAAE,MAAM,CAAC,OAAc;YAC7B,aAAa,EAAE;gBACb,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE;aAC5B;SACF,CAAC,CAAC;QAEH,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACrE,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAClD,MAAM,qBAAqB,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAE3E,OAAO,EAAE,CAAC;YACR,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,UAAU,EAAE,YAAY,CAAC,UAAU;YACnC,IAAI;YACJ,eAAe,EAAE,CAAC,CAAC,qBAAqB;YACxC,cAAc,EAAE,qBAAqB;gBACnC,CAAC,CAAC;oBACE,cAAc,EAAE,IAAI;oBACpB,IAAI,EAAE,yGAAyG;iBAChH;gBACH,CAAC,CAAC,IAAI;YACR,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,aAAa,EAAE,MAAM,CAAC,OAAO;YAC7B,YAAY,EAAE,0BAA0B;YACxC,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,OAAO,EAAE,QAAQ;YACjB,WAAW,EAAE,kBAAkB;YAC/B,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,aAAa;YACrB,cAAc,EAAE,IAAI;YACpB,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CACT,qBAAqB,EACrB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAChD,IAAI,EACJ,oBAAoB,CACrB,CAAC;IACJ,CAAC;AACH,CAAC"}