thebuyside-x402-agent 0.4.2 → 0.5.0

package/README.md

@@ -1,28 +1,33 @@
 # thebuyside-x402-agent
 
-The MCP gateway that lets any AI agent discover and pay x402-priced APIs on Base or Solana — without the user wiring payments themselves.
+The MCP gateway that lets any AI agent discover and pay metered APIs on Base or Solana — without the user wiring payments themselves.
 
-`thebuyside-x402-agent` is the canonical buyer-side reference implementation for [x402](https://x402.org), the HTTP 402 payment standard stewarded by the Linux Foundation. Drop it into Claude Code, Claude Desktop, Cursor, or any MCP client, and your agent gains three tools:
+`thebuyside-x402-agent` is the canonical buyer-side reference implementation for two open agent-payment protocols:
 
-- **`x402.discover`** — search the curated registry plus three federated indexes (CDP Bazaar, agentic.market, x402watch) for x402-priced APIs
-- **`x402.fetch`** — call one (the gateway pays the 402 challenge automatically, on whichever chain you have a key for)
-- **`x402.wallet_status`** — show the gateway's wallet(s), today's spend, and caps
+- **[x402](https://x402.org)** — the HTTP 402 payment standard stewarded by the Linux Foundation. EVM (Base) and SVM (Solana) via the `exact` scheme.
+- **MPP** — [Machine Payments Protocol](https://paymentauth.org/draft-solana-charge-00.html), the new RFC-7235-style protocol behind [pay.sh](https://pay.sh) (Solana Foundation × Google Cloud, launched May 2026). Solana mainnet USDC.
+
+Drop it into Claude Code, Claude Desktop, Cursor, or any MCP client, and your agent gains three tools:
+
+- **`pay.discover`** — search the curated registry plus three federated indexes (CDP Bazaar, agentic.market, x402watch) for paid APIs
+- **`pay.fetch`** — call one (the gateway pays the 402 challenge automatically, on whichever chain you have a key for, speaking whichever protocol the seller uses)
+- **`pay.wallet_status`** — show the gateway's wallet(s), today's spend, and caps
 
 The agent never sees the 402, never sees a wallet, never holds a private key.
 
 ## Status
 
-**v0.4.1 published to npm 2026-05-10.** Validated end-to-end on both supported chains:
+**v0.5.0 — MPP support landed 2026-05-10.** Previously validated end-to-end on both supported chains via x402:
 
 > Base mainnet · `$0.005 USDC` · tx [`0xd0917b35…`](https://basescan.org/tx/0xd0917b35d8b778cf8d0249cc1b107a48ff7125b9fcaf7b4b257d823f73cc6aac)
 >
 > Solana mainnet · `$0.005 USDC` · tx [`4DYWUMEx…`](https://solscan.io/tx/4DYWUMExSrMNxYLjUuH9G8feN4fmYXm4ToCx7gGaAEjJRf2QNrE8LsvoFSGhXwQJrchhgrnGpUFwjxrci9PRLF71)
 
-- 122 unit tests + MCP smoke test, all green
-- x402 v1 + v2 dual wire support (handles both transports)
+- 154 unit tests + MCP smoke test, all green
+- **Dual-protocol**: speaks x402 v1 + v2 *and* MPP (`solana`/`charge` intent). `pay.fetch` peeks at the 402 and dispatches transparently — agents never know which protocol the seller uses.
 - Multi-chain: configure either Base (EVM/EIP-3009) or Solana (SVM/SPL-TransferChecked) — or both. Sellers offering multiple chains are routed to whichever you have a signer for. On Solana, the seller's facilitator covers SOL gas — buyer wallet only needs USDC.
-- Federated discovery: `x402.discover` queries the curated `seed.json` + CDP Bazaar + agentic.market + x402watch in parallel and dedupes by canonical endpoint URL
-- Spend caps, host allowlist, receipts log, self-transfer guard
+- Federated discovery: `pay.discover` queries the curated `seed.json` + CDP Bazaar + agentic.market + x402watch in parallel and dedupes by canonical endpoint URL
+- Spend caps, host allowlist, receipts log, self-transfer guard — protocol-agnostic
 - Confirm-before-pay via MCP elicitation, with graceful fallback for clients lacking task-creation support (Claude Code)
 - Apache 2.0, DCO not CLA
 
@@ -60,7 +65,7 @@ Use a fresh wallet, not your main one. (You can also pass these via your MCP cli
 claude mcp add x402-pay -- npx -y thebuyside-x402-agent
 ```
 
-Open a session, type `/mcp` to verify, then ask: *"Use x402.wallet_status to show my wallet."*
+Open a session, type `/mcp` to verify, then ask: *"Use pay.wallet_status to show my wallet."*
 
 **Claude Desktop:**
 
@@ -72,13 +77,13 @@ See [docs/install-claude-desktop.md](docs/install-claude-desktop.md).
 
 Once connected, ask the model:
 
-> *"Use x402.discover to find APIs about news."*
+> *"Use pay.discover to find APIs about news."*
 
-> *"Use x402.fetch to get https://news-ep.com/api/v1/stories?market=houston&limit=5"*
+> *"Use pay.fetch to get https://news-ep.com/api/v1/stories?market=houston&limit=5"*
 
 The first returns the registry plus federated matches from CDP Bazaar, agentic.market, and x402watch (each result tagged with its `source`). The second pays `$0.005 USDC` and returns Houston news. news-ep advertises both Base and Solana — the gateway picks whichever chain you have a key for.
 
-After a successful call, ask `x402.wallet_status` and you'll see today's spend reflected (and which chains have signers configured).
+After a successful call, ask `pay.wallet_status` and you'll see today's spend reflected (and which chains have signers configured).
 
 ## Configuration
 
@@ -104,7 +109,7 @@ Spend controls have safe defaults. Override via env if needed.
 | `X402_CONFIRM_STRICT` | *(off)* | `1` refuses payment when the client lacks elicitation OR advertises elicitation but lacks tasks/create (e.g. Claude Code as of 2026-05). Default: log a one-time warning and proceed |
 | `X402_RECEIPTS_PATH` | `.local/receipts.jsonl` | Where the receipts log is written |
 
-**Federated discovery** (`x402.discover` queries these in parallel and merges with the local `seed.json`):
+**Federated discovery** (`pay.discover` queries these in parallel and merges with the local `seed.json`):
 
 | Var | Default | What it does |
 | --- | --- | --- |

package/dist/chains/solana-usdc.d.ts

@@ -28,6 +28,7 @@
  * and an x402 round trip typically fits well inside that.
  */
 import { VersionedTransaction } from '@solana/web3.js';
+import type { ChargeRequest } from '../mpp/types.js';
 import type { PaymentRequirements } from '../x402/types.js';
 import type { SolanaChainAdapter } from './adapter.js';
 export type SolanaUsdcAdapterOptions = {
@@ -46,6 +47,18 @@ export declare class SolanaUsdcAdapter implements SolanaChainAdapter {
     buildPayment(reqs: PaymentRequirements, payerPubkey: string): Promise<{
         tx: VersionedTransaction;
     }>;
+    /**
+     * MPP-flavored payment build. Mirrors `buildPayment` but reads the inputs
+     * from an MPP `ChargeRequest` (paymentauth.org/draft-solana-charge-00) and
+     * uses the seller-supplied `recentBlockhash` instead of fetching one.
+     *
+     * Scope: USDC mainnet, pull mode (server is feePayer), standard SPL Token
+     * program. Push mode (`feePayer: false`) is not supported here — the buyer
+     * would need its own SOL balance and gas-pricing logic.
+     */
+    buildPaymentMpp(charge: ChargeRequest, payerPubkey: string): Promise<{
+        tx: VersionedTransaction;
+    }>;
     private fetchBlockhash;
 }
 //# sourceMappingURL=solana-usdc.d.ts.map

package/dist/chains/solana-usdc.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"solana-usdc.d.ts","sourceRoot":"","sources":["../../src/chains/solana-usdc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAGH,OAAO,EAML,oBAAoB,EACrB,MAAM,iBAAiB,CAAC;AAMzB,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAavD,MAAM,MAAM,wBAAwB,GAAG;IACrC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1C,CAAC;AAEF,qBAAa,iBAAkB,YAAW,kBAAkB;IAC1D,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,IAAI,EAAG,KAAK,CAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAwB;gBAE9C,IAAI,GAAE,wBAA6B;IAK/C,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAO3B,YAAY,CAChB,IAAI,EAAE,mBAAmB,EACzB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QAAE,EAAE,EAAE,oBAAoB,CAAA;KAAE,CAAC;YA4E1B,cAAc;CAM7B"}
+{"version":3,"file":"solana-usdc.d.ts","sourceRoot":"","sources":["../../src/chains/solana-usdc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAGH,OAAO,EAML,oBAAoB,EACrB,MAAM,iBAAiB,CAAC;AAMzB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAavD,MAAM,MAAM,wBAAwB,GAAG;IACrC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1C,CAAC;AAEF,qBAAa,iBAAkB,YAAW,kBAAkB;IAC1D,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,IAAI,EAAG,KAAK,CAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAwB;gBAE9C,IAAI,GAAE,wBAA6B;IAK/C,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAO3B,YAAY,CAChB,IAAI,EAAE,mBAAmB,EACzB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QAAE,EAAE,EAAE,oBAAoB,CAAA;KAAE,CAAC;IA0DxC;;;;;;;;OAQG;IACG,eAAe,CACnB,MAAM,EAAE,aAAa,EACrB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QAAE,EAAE,EAAE,oBAAoB,CAAA;KAAE,CAAC;YA0D1B,cAAc;CAM7B"}

package/dist/chains/solana-usdc.js

@@ -74,32 +74,77 @@ export class SolanaUsdcAdapter {
         }
         const sourceAta = getAssociatedTokenAddressSync(mint, payer);
         const destAta = getAssociatedTokenAddressSync(mint, seller);
-        // Spec: feePayer MUST NOT appear in any instruction's accounts.
+        // x402 SVM scheme: feePayer MUST NOT appear in any instruction's accounts.
+        // MPP relaxes this rule — see `buildPaymentMpp` below.
         if (feePayer.equals(sourceAta) || feePayer.equals(destAta) || feePayer.equals(seller) || feePayer.equals(mint)) {
             throw new Error('feePayer collides with an instruction account (source ATA, dest ATA, ' +
                 'seller, or mint) — refusing to build tx. This violates the SVM scheme ' +
                 'safety rule.');
         }
         const memoText = readMemo(reqs.extra) ?? randomHexNonce(16);
-        const amount = BigInt(reqs.maxAmountRequired);
-        const instructions = [
-            ComputeBudgetProgram.setComputeUnitLimit({ units: COMPUTE_UNIT_LIMIT }),
-            ComputeBudgetProgram.setComputeUnitPrice({ microLamports: COMPUTE_UNIT_PRICE }),
-            createTransferCheckedInstruction(sourceAta, mint, destAta, payer, amount, USDC_DECIMALS, [], TOKEN_PROGRAM_ID),
-            new TransactionInstruction({
-                programId: MEMO_PROGRAM_ID,
-                keys: [],
-                data: Buffer.from(memoText, 'utf8'),
-            }),
-        ];
         const recentBlockhash = await this.fetchBlockhash();
-        const messageV0 = new TransactionMessage({
-            payerKey: feePayer,
-            recentBlockhash,
-            instructions,
-        }).compileToV0Message();
-        const tx = new VersionedTransaction(messageV0);
-        return { tx };
+        return {
+            tx: buildTransferTx({
+                payer,
+                seller,
+                feePayer,
+                mint,
+                amount: BigInt(reqs.maxAmountRequired),
+                memo: memoText,
+                recentBlockhash,
+            }),
+        };
+    }
+    /**
+     * MPP-flavored payment build. Mirrors `buildPayment` but reads the inputs
+     * from an MPP `ChargeRequest` (paymentauth.org/draft-solana-charge-00) and
+     * uses the seller-supplied `recentBlockhash` instead of fetching one.
+     *
+     * Scope: USDC mainnet, pull mode (server is feePayer), standard SPL Token
+     * program. Push mode (`feePayer: false`) is not supported here — the buyer
+     * would need its own SOL balance and gas-pricing logic.
+     */
+    async buildPaymentMpp(charge, payerPubkey) {
+        if (charge.currency !== USDC_MAINNET_MINT) {
+            throw new Error(`solana-usdc adapter only handles the USDC mint (${USDC_MAINNET_MINT}); ` +
+                `MPP challenge asked for currency=${charge.currency}.`);
+        }
+        if (charge.methodDetails.tokenProgram !== TOKEN_PROGRAM_ID.toBase58()) {
+            throw new Error(`MPP challenge requires non-standard token program ${charge.methodDetails.tokenProgram}; ` +
+                `only the standard SPL Token program is supported in v0.5.0.`);
+        }
+        if (charge.methodDetails.decimals !== USDC_DECIMALS) {
+            throw new Error(`MPP challenge declares decimals=${charge.methodDetails.decimals}; ` +
+                `USDC requires decimals=${USDC_DECIMALS}.`);
+        }
+        if (!charge.methodDetails.feePayer) {
+            throw new Error('MPP push mode (`methodDetails.feePayer: false`) is not supported in ' +
+                'v0.5.0 — the buyer cannot be the fee payer in this gateway.');
+        }
+        if (!charge.methodDetails.feePayerKey) {
+            throw new Error('MPP pull-mode challenge missing `methodDetails.feePayerKey` — required ' +
+                'when `feePayer: true` so the buyer knows whose pubkey to record as ' +
+                'the transaction fee payer.');
+        }
+        const payer = new PublicKey(payerPubkey);
+        const seller = new PublicKey(charge.recipient);
+        const feePayer = new PublicKey(charge.methodDetails.feePayerKey);
+        const mint = new PublicKey(charge.currency);
+        if (feePayer.equals(payer)) {
+            throw new Error('seller-declared feePayer equals the buyer pubkey — refusing to sign. ' +
+                'Buyer must not appear as feePayer in pull mode.');
+        }
+        return {
+            tx: buildTransferTx({
+                payer,
+                seller,
+                feePayer,
+                mint,
+                amount: BigInt(charge.amount),
+                memo: null,
+                recentBlockhash: charge.methodDetails.recentBlockhash,
+            }),
+        };
     }
     async fetchBlockhash() {
         if (this.blockhashFetcher)
@@ -109,6 +154,29 @@ export class SolanaUsdcAdapter {
         return blockhash;
     }
 }
+/** Build the 4-instruction USDC transferChecked tx shared by x402 and MPP. */
+function buildTransferTx(args) {
+    const sourceAta = getAssociatedTokenAddressSync(args.mint, args.payer);
+    const destAta = getAssociatedTokenAddressSync(args.mint, args.seller);
+    const instructions = [
+        ComputeBudgetProgram.setComputeUnitLimit({ units: COMPUTE_UNIT_LIMIT }),
+        ComputeBudgetProgram.setComputeUnitPrice({ microLamports: COMPUTE_UNIT_PRICE }),
+        createTransferCheckedInstruction(sourceAta, args.mint, destAta, args.payer, args.amount, USDC_DECIMALS, [], TOKEN_PROGRAM_ID),
+    ];
+    if (args.memo !== null) {
+        instructions.push(new TransactionInstruction({
+            programId: MEMO_PROGRAM_ID,
+            keys: [],
+            data: Buffer.from(args.memo, 'utf8'),
+        }));
+    }
+    const messageV0 = new TransactionMessage({
+        payerKey: args.feePayer,
+        recentBlockhash: args.recentBlockhash,
+        instructions,
+    }).compileToV0Message();
+    return new VersionedTransaction(messageV0);
+}
 function readFeePayer(extra) {
     if (extra && typeof extra === 'object' && 'feePayer' in extra) {
         const f = extra.feePayer;

package/dist/chains/solana-usdc.js.map

@@ -1 +1 @@
-{"version":3,"file":"solana-usdc.js","sourceRoot":"","sources":["../../src/chains/solana-usdc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,SAAS,EACT,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,gCAAgC,EAChC,6BAA6B,EAC7B,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAI3B,MAAM,sBAAsB,GAAG,kCAAkC,CAAC;AAClE,MAAM,iBAAiB,GAAG,8CAA8C,CAAC;AACzE,MAAM,aAAa,GAAG,CAAC,CAAC;AACxB,MAAM,eAAe,GAAG,IAAI,SAAS,CAAC,6CAA6C,CAAC,CAAC;AACrF,MAAM,eAAe,GAAG,qCAAqC,CAAC;AAE9D,sFAAsF;AACtF,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,mFAAmF;AACnF,MAAM,kBAAkB,GAAG,KAAK,CAAC;AASjC,MAAM,OAAO,iBAAiB;IACnB,EAAE,GAAG,QAAQ,CAAC;IACd,IAAI,GAAG,KAAc,CAAC;IACd,MAAM,CAAS;IACf,gBAAgB,CAAyB;IAE1D,YAAY,OAAiC,EAAE;QAC7C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,eAAe,CAAC;QAC5E,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAChD,CAAC;IAED,OAAO,CAAC,OAAe;QACrB,OAAO,CACL,OAAO,KAAK,QAAQ;YACpB,OAAO,KAAK,UAAU,sBAAsB,EAAE,CAC/C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,IAAyB,EACzB,WAAmB;QAEnB,IAAK,IAAI,CAAC,KAAgB,KAAK,iBAAiB,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACb,mDAAmD,iBAAiB,KAAK;gBACvE,0BAA0B,IAAI,CAAC,KAAK,sCAAsC;gBAC1E,+BAA+B,CAClC,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,sEAAsE;gBACpE,mEAAmE;gBACnE,oDAAoD,CACvD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEvC,IAAI,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,uEAAuE;gBACrE,gEAAgE,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,6BAA6B,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,6BAA6B,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAE5D,gEAAgE;QAChE,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/G,MAAM,IAAI,KAAK,CACb,uEAAuE;gBACrE,wEAAwE;gBACxE,cAAc,CACjB,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,EAAE,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAE9C,MAAM,YAAY,GAA6B;YAC7C,oBAAoB,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;YACvE,oBAAoB,CAAC,mBAAmB,CAAC,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;YAC/E,gCAAgC,CAC9B,SAAS,EACT,IAAI,EACJ,OAAO,EACP,KAAK,EACL,MAAM,EACN,aAAa,EACb,EAAE,EACF,gBAAgB,CACjB;YACD,IAAI,sBAAsB,CAAC;gBACzB,SAAS,EAAE,eAAe;gBAC1B,IAAI,EAAE,EAAE;gBACR,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC;aACpC,CAAC;SACH,CAAC;QAEF,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,kBAAkB,CAAC;YACvC,QAAQ,EAAE,QAAQ;YAClB,eAAe;YACf,YAAY;SACb,CAAC,CAAC,kBAAkB,EAAE,CAAC;QAExB,MAAM,EAAE,GAAG,IAAI,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,IAAI,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACjE,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;QAC9D,MAAM,CAAC,GAAI,KAAiC,CAAC,QAAQ,CAAC;QACtD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;QAC1D,MAAM,CAAC,GAAI,KAAiC,CAAC,IAAI,CAAC;QAClD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9C,CAAC"}
+{"version":3,"file":"solana-usdc.js","sourceRoot":"","sources":["../../src/chains/solana-usdc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,SAAS,EACT,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,gCAAgC,EAChC,6BAA6B,EAC7B,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAK3B,MAAM,sBAAsB,GAAG,kCAAkC,CAAC;AAClE,MAAM,iBAAiB,GAAG,8CAA8C,CAAC;AACzE,MAAM,aAAa,GAAG,CAAC,CAAC;AACxB,MAAM,eAAe,GAAG,IAAI,SAAS,CAAC,6CAA6C,CAAC,CAAC;AACrF,MAAM,eAAe,GAAG,qCAAqC,CAAC;AAE9D,sFAAsF;AACtF,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,mFAAmF;AACnF,MAAM,kBAAkB,GAAG,KAAK,CAAC;AASjC,MAAM,OAAO,iBAAiB;IACnB,EAAE,GAAG,QAAQ,CAAC;IACd,IAAI,GAAG,KAAc,CAAC;IACd,MAAM,CAAS;IACf,gBAAgB,CAAyB;IAE1D,YAAY,OAAiC,EAAE;QAC7C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,eAAe,CAAC;QAC5E,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAChD,CAAC;IAED,OAAO,CAAC,OAAe;QACrB,OAAO,CACL,OAAO,KAAK,QAAQ;YACpB,OAAO,KAAK,UAAU,sBAAsB,EAAE,CAC/C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,IAAyB,EACzB,WAAmB;QAEnB,IAAK,IAAI,CAAC,KAAgB,KAAK,iBAAiB,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACb,mDAAmD,iBAAiB,KAAK;gBACvE,0BAA0B,IAAI,CAAC,KAAK,sCAAsC;gBAC1E,+BAA+B,CAClC,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,sEAAsE;gBACpE,mEAAmE;gBACnE,oDAAoD,CACvD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEvC,IAAI,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,uEAAuE;gBACrE,gEAAgE,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,6BAA6B,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,6BAA6B,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAE5D,2EAA2E;QAC3E,uDAAuD;QACvD,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/G,MAAM,IAAI,KAAK,CACb,uEAAuE;gBACrE,wEAAwE;gBACxE,cAAc,CACjB,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,EAAE,CAAC,CAAC;QAC5D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QACpD,OAAO;YACL,EAAE,EAAE,eAAe,CAAC;gBAClB,KAAK;gBACL,MAAM;gBACN,QAAQ;gBACR,IAAI;gBACJ,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC;gBACtC,IAAI,EAAE,QAAQ;gBACd,eAAe;aAChB,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CACnB,MAAqB,EACrB,WAAmB;QAEnB,IAAI,MAAM,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CACb,mDAAmD,iBAAiB,KAAK;gBACvE,oCAAoC,MAAM,CAAC,QAAQ,GAAG,CACzD,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,CAAC,YAAY,KAAK,gBAAgB,CAAC,QAAQ,EAAE,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CACb,qDAAqD,MAAM,CAAC,aAAa,CAAC,YAAY,IAAI;gBACxF,6DAA6D,CAChE,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,mCAAmC,MAAM,CAAC,aAAa,CAAC,QAAQ,IAAI;gBAClE,0BAA0B,aAAa,GAAG,CAC7C,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,sEAAsE;gBACpE,6DAA6D,CAChE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb,yEAAyE;gBACvE,qEAAqE;gBACrE,4BAA4B,CAC/B,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QACjE,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAE5C,IAAI,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,uEAAuE;gBACrE,iDAAiD,CACpD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,eAAe,CAAC;gBAClB,KAAK;gBACL,MAAM;gBACN,QAAQ;gBACR,IAAI;gBACJ,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,EAAE,IAAI;gBACV,eAAe,EAAE,MAAM,CAAC,aAAa,CAAC,eAAe;aACtD,CAAC;SACH,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,IAAI,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACjE,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,8EAA8E;AAC9E,SAAS,eAAe,CAAC,IASxB;IACC,MAAM,SAAS,GAAG,6BAA6B,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACvE,MAAM,OAAO,GAAG,6BAA6B,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAEtE,MAAM,YAAY,GAA6B;QAC7C,oBAAoB,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;QACvE,oBAAoB,CAAC,mBAAmB,CAAC,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;QAC/E,gCAAgC,CAC9B,SAAS,EACT,IAAI,CAAC,IAAI,EACT,OAAO,EACP,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,aAAa,EACb,EAAE,EACF,gBAAgB,CACjB;KACF,CAAC;IACF,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QACvB,YAAY,CAAC,IAAI,CACf,IAAI,sBAAsB,CAAC;YACzB,SAAS,EAAE,eAAe;YAC1B,IAAI,EAAE,EAAE;YACR,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;SACrC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,kBAAkB,CAAC;QACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,YAAY;KACb,CAAC,CAAC,kBAAkB,EAAE,CAAC;IAExB,OAAO,IAAI,oBAAoB,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;QAC9D,MAAM,CAAC,GAAI,KAAiC,CAAC,QAAQ,CAAC;QACtD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;QAC1D,MAAM,CAAC,GAAI,KAAiC,CAAC,IAAI,CAAC;QAClD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9C,CAAC"}

package/dist/mpp/auth-header.d.ts

@@ -0,0 +1,47 @@
+/**
+ * RFC 7235 HTTP Authentication header parser/builder, scoped to the
+ * `Payment` auth-scheme used by MPP (paymentauth.org/draft-solana-charge-00).
+ *
+ * Servers emit:
+ *   WWW-Authenticate: Payment id="...", realm="...", method="solana",
+ *     intent="charge", request="<b64url-JCS>", expires="<ISO-8601>",
+ *     description="<optional human label>"
+ *
+ * Buyers reply with:
+ *   Authorization: Payment <b64url-JCS credential>
+ *
+ * The `Payment` scheme does not use auth-params on the request side — the
+ * value after the scheme name is a single base64url token (the credential).
+ *
+ * Multi-challenge headers (RFC 7235 §4.1 allows several comma-separated
+ * challenges) are not handled here — we accept the first `Payment` challenge
+ * and throw if a non-Payment scheme appears before it. In practice MPP
+ * sellers emit a single-challenge header.
+ */
+export type ParsedPaymentChallenge = {
+    scheme: 'Payment';
+    id: string;
+    realm: string;
+    /** Always `"solana"` in this spec, but parsed verbatim. */
+    method: string;
+    /** Always `"charge"` in this spec, but parsed verbatim. */
+    intent: string;
+    /** base64url(JCS(ChargeRequest)) — still encoded; decode separately. */
+    request: string;
+    /** ISO-8601 datetime string. Caller compares against current time. */
+    expires: string;
+    /** Optional human-readable label some sellers include. */
+    description?: string;
+    /** Any auth-params we don't recognize, lowercased. Surfaced for forward-compat. */
+    extras: Record<string, string>;
+};
+export declare function parsePaymentChallenge(header: string): ParsedPaymentChallenge;
+/** Build the value of the `Authorization` header for an MPP credential. */
+export declare function buildAuthorizationHeader(credentialBase64Url: string): string;
+/**
+ * Test whether a `WWW-Authenticate` header value advertises an MPP challenge.
+ * Used by the unified fetch handler to decide between x402 and MPP routing.
+ * Cheap shape check only — full parsing happens in `parsePaymentChallenge`.
+ */
+export declare function isMppChallengeHeader(header: string | null | undefined): boolean;
+//# sourceMappingURL=auth-header.d.ts.map

package/dist/mpp/auth-header.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-header.d.ts","sourceRoot":"","sources":["../../src/mpp/auth-header.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,MAAM,sBAAsB,GAAG;IACnC,MAAM,EAAE,SAAS,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,MAAM,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,MAAM,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAC;IAChB,sEAAsE;IACtE,OAAO,EAAE,MAAM,CAAC;IAChB,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mFAAmF;IACnF,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC,CAAC;AAMF,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,sBAAsB,CAmG5E;AAED,2EAA2E;AAC3E,wBAAgB,wBAAwB,CAAC,mBAAmB,EAAE,MAAM,GAAG,MAAM,CAE5E;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAG/E"}

package/dist/mpp/auth-header.js

@@ -0,0 +1,135 @@
+/**
+ * RFC 7235 HTTP Authentication header parser/builder, scoped to the
+ * `Payment` auth-scheme used by MPP (paymentauth.org/draft-solana-charge-00).
+ *
+ * Servers emit:
+ *   WWW-Authenticate: Payment id="...", realm="...", method="solana",
+ *     intent="charge", request="<b64url-JCS>", expires="<ISO-8601>",
+ *     description="<optional human label>"
+ *
+ * Buyers reply with:
+ *   Authorization: Payment <b64url-JCS credential>
+ *
+ * The `Payment` scheme does not use auth-params on the request side — the
+ * value after the scheme name is a single base64url token (the credential).
+ *
+ * Multi-challenge headers (RFC 7235 §4.1 allows several comma-separated
+ * challenges) are not handled here — we accept the first `Payment` challenge
+ * and throw if a non-Payment scheme appears before it. In practice MPP
+ * sellers emit a single-challenge header.
+ */
+const TOKEN_CHAR_RE = /[A-Za-z0-9!#$%&'*+\-.^_`|~]/;
+/** Token + `/` (for slash-bearing base64url values used as bare tokens by some sellers). */
+const TOKEN_VALUE_CHAR_RE = /[A-Za-z0-9!#$%&'*+\-.^_`|~/]/;
+export function parsePaymentChallenge(header) {
+    let i = 0;
+    const len = header.length;
+    const skipWs = () => {
+        while (i < len && (header[i] === ' ' || header[i] === '\t'))
+            i++;
+    };
+    skipWs();
+    const schemeStart = i;
+    while (i < len && header[i] !== ' ' && header[i] !== '\t')
+        i++;
+    const scheme = header.slice(schemeStart, i);
+    if (scheme.toLowerCase() !== 'payment') {
+        throw new Error(`unexpected WWW-Authenticate scheme: "${scheme}" (expected "Payment")`);
+    }
+    skipWs();
+    const params = new Map();
+    while (i < len) {
+        const nameStart = i;
+        while (i < len && TOKEN_CHAR_RE.test(header[i]))
+            i++;
+        if (i === nameStart) {
+            throw new Error(`expected auth-param name at index ${i} of WWW-Authenticate header`);
+        }
+        const name = header.slice(nameStart, i).toLowerCase();
+        skipWs();
+        if (header[i] !== '=') {
+            throw new Error(`expected "=" after auth-param "${name}" at index ${i}`);
+        }
+        i++;
+        skipWs();
+        let value;
+        if (header[i] === '"') {
+            i++;
+            let v = '';
+            while (i < len && header[i] !== '"') {
+                if (header[i] === '\\') {
+                    i++;
+                    if (i >= len)
+                        throw new Error('unterminated escape inside quoted-string');
+                    v += header[i];
+                    i++;
+                }
+                else {
+                    v += header[i];
+                    i++;
+                }
+            }
+            if (header[i] !== '"') {
+                throw new Error(`unterminated quoted-string for auth-param "${name}"`);
+            }
+            i++;
+            value = v;
+        }
+        else {
+            const valStart = i;
+            while (i < len && TOKEN_VALUE_CHAR_RE.test(header[i]))
+                i++;
+            if (i === valStart) {
+                throw new Error(`expected value for auth-param "${name}" at index ${i}`);
+            }
+            value = header.slice(valStart, i);
+        }
+        params.set(name, value);
+        skipWs();
+        if (i < len) {
+            if (header[i] !== ',') {
+                throw new Error(`expected "," between auth-params at index ${i}, found "${header[i]}"`);
+            }
+            i++;
+            skipWs();
+        }
+    }
+    const required = ['id', 'realm', 'method', 'intent', 'request', 'expires'];
+    for (const k of required) {
+        if (!params.has(k)) {
+            throw new Error(`MPP challenge missing required auth-param "${k}"`);
+        }
+    }
+    const known = new Set([...required, 'description']);
+    const extras = {};
+    for (const [k, v] of params) {
+        if (!known.has(k))
+            extras[k] = v;
+    }
+    return {
+        scheme: 'Payment',
+        id: params.get('id'),
+        realm: params.get('realm'),
+        method: params.get('method'),
+        intent: params.get('intent'),
+        request: params.get('request'),
+        expires: params.get('expires'),
+        description: params.get('description'),
+        extras,
+    };
+}
+/** Build the value of the `Authorization` header for an MPP credential. */
+export function buildAuthorizationHeader(credentialBase64Url) {
+    return `Payment ${credentialBase64Url}`;
+}
+/**
+ * Test whether a `WWW-Authenticate` header value advertises an MPP challenge.
+ * Used by the unified fetch handler to decide between x402 and MPP routing.
+ * Cheap shape check only — full parsing happens in `parsePaymentChallenge`.
+ */
+export function isMppChallengeHeader(header) {
+    if (!header)
+        return false;
+    return /^\s*payment\b/i.test(header);
+}
+//# sourceMappingURL=auth-header.js.map

package/dist/mpp/auth-header.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-header.js","sourceRoot":"","sources":["../../src/mpp/auth-header.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAoBH,MAAM,aAAa,GAAG,6BAA6B,CAAC;AACpD,4FAA4F;AAC5F,MAAM,mBAAmB,GAAG,8BAA8B,CAAC;AAE3D,MAAM,UAAU,qBAAqB,CAAC,MAAc;IAClD,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;IAE1B,MAAM,MAAM,GAAG,GAAS,EAAE;QACxB,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YAAE,CAAC,EAAE,CAAC;IACnE,CAAC,CAAC;IAEF,MAAM,EAAE,CAAC;IACT,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,CAAC,EAAE,CAAC;IAC/D,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAC5C,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,SAAS,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,wCAAwC,MAAM,wBAAwB,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,EAAE,CAAC;IAET,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,CAAC,CAAC;QACpB,OAAO,CAAC,GAAG,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAAE,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,6BAA6B,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAEtD,MAAM,EAAE,CAAC;QACT,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,cAAc,CAAC,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,CAAC,EAAE,CAAC;QACJ,MAAM,EAAE,CAAC;QAET,IAAI,KAAa,CAAC;QAClB,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACtB,CAAC,EAAE,CAAC;YACJ,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACpC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACvB,CAAC,EAAE,CAAC;oBACJ,IAAI,CAAC,IAAI,GAAG;wBAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;oBAC1E,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC;oBACf,CAAC,EAAE,CAAC;gBACN,CAAC;qBAAM,CAAC;oBACN,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC;oBACf,CAAC,EAAE,CAAC;gBACN,CAAC;YACH,CAAC;YACD,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,8CAA8C,IAAI,GAAG,CAAC,CAAC;YACzE,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,KAAK,GAAG,CAAC,CAAC;QACZ,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,CAAC,CAAC;YACnB,OAAO,CAAC,GAAG,GAAG,IAAI,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAAE,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,cAAc,CAAC,EAAE,CAAC,CAAC;YAC3E,CAAC;YACD,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAExB,MAAM,EAAE,CAAC;QACT,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;YACZ,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CACb,6CAA6C,CAAC,YAAY,MAAM,CAAC,CAAC,CAAC,GAAG,CACvE,CAAC;YACJ,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,MAAM,EAAE,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAU,CAAC;IACpF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAW;QAC9B,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAW;QACpC,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAW;QACtC,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAW;QACtC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAW;QACxC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAW;QACxC,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;QACtC,MAAM;KACP,CAAC;AACJ,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,wBAAwB,CAAC,mBAA2B;IAClE,OAAO,WAAW,mBAAmB,EAAE,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAiC;IACpE,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,OAAO,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC"}

package/dist/mpp/client.d.ts

@@ -0,0 +1,64 @@
+/**
+ * MPP (Machine Payments Protocol) client — drives the full payment loop
+ * for the `solana`/`charge` intent per paymentauth.org/draft-solana-charge-00:
+ *
+ *   1. Make the initial request.
+ *   2. If 402 with `WWW-Authenticate: Payment ...`, parse the challenge and
+ *      decode the base64url JCS `request` payload.
+ *   3. Validate scope (USDC mint, standard SPL Token, pull mode, network).
+ *   4. Have `SolanaUsdcAdapter.buildPaymentMpp` build the partially-signed tx.
+ *   5. Sign with the buyer's Solana key.
+ *   6. Wrap in a JCS-canonical credential JSON, base64url-encode, send as
+ *      `Authorization: Payment <b64url>`.
+ *   7. On 200, decode the `Payment-Receipt` header.
+ *
+ * No spend-policy enforcement here — that lives in `src/policy/` and is wired
+ * by the calling fetch tool via the `beforePay` / `onPaid` hooks. Mirrors the
+ * shape of `src/x402/client.ts` so the two protocols feel symmetric.
+ */
+import type { SolanaUsdcAdapter } from '../chains/solana-usdc.js';
+import type { SolanaSigner } from '../signer/signer.js';
+import type { ChargeRequest } from './types.js';
+export type MppPayAndFetchOptions = {
+    url: string;
+    method?: 'GET' | 'POST';
+    body?: unknown;
+    signer: SolanaSigner;
+    adapter: SolanaUsdcAdapter;
+    /** Test-only: override the global `fetch`. */
+    fetchFn?: typeof fetch;
+    /**
+     * Optimization: the caller already fetched the initial response and
+     * confirmed it's a 402 with an MPP challenge. Skips the duplicate GET.
+     */
+    prefetchedResponse?: Response;
+    /**
+     * If true, accept non-mainnet networks (`devnet`, `testnet`, `localnet`).
+     * Off by default — production callers should only pay real money on
+     * mainnet. Used by integration tests and the pay.sh debugger probe.
+     */
+    allowNonMainnet?: boolean;
+    /** Pre-pay hook. Throw to abort before any signature is produced. */
+    beforePay?: (charge: ChargeRequest) => Promise<void> | void;
+    /** Post-pay hook. Called only on 200; receives the settle tx signature. */
+    onPaid?: (info: {
+        charge: ChargeRequest;
+        tx: string | undefined;
+    }) => Promise<void> | void;
+};
+export type MppPayAndFetchResult = {
+    status: number;
+    body: unknown;
+    paid: boolean;
+    /** The decoded MPP charge we paid against, if any. */
+    paidCharge?: ChargeRequest;
+    /** Solana tx signature from `Payment-Receipt`, if the server emitted one. */
+    settledTx?: string;
+    /** Populated when the retry returns non-200. */
+    failure?: {
+        status: number;
+        body: unknown;
+    };
+};
+export declare function payAndFetchMpp(opts: MppPayAndFetchOptions): Promise<MppPayAndFetchResult>;
+//# sourceMappingURL=client.d.ts.map

package/dist/mpp/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/mpp/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAElE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAOxD,OAAO,KAAK,EACV,aAAa,EAGd,MAAM,YAAY,CAAC;AAMpB,MAAM,MAAM,qBAAqB,GAAG;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IACxB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,iBAAiB,CAAC;IAC3B,8CAA8C;IAC9C,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;IACvB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,QAAQ,CAAC;IAC9B;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qEAAqE;IACrE,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAC5D,2EAA2E;IAC3E,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,MAAM,EAAE,aAAa,CAAC;QAAC,EAAE,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC5F,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,sDAAsD;IACtD,UAAU,CAAC,EAAE,aAAa,CAAC;IAC3B,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gDAAgD;IAChD,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC;CAC7C,CAAC;AAEF,wBAAsB,cAAc,CAClC,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,oBAAoB,CAAC,CAgL/B"}