twzrd-x402-gate 0.1.0

package/README.md

@@ -0,0 +1,96 @@
+# twzrd-x402-gate
+
+Buyer-side x402 **trust gate**. Run a free [TWZRD preflight](https://intel.twzrd.xyz) (`ReadinessCard`)
+**before** signing USDC to any x402 merchant. Wraps `fetch` (HTTP 402) and the `@x402/mcp`
+`onPaymentRequested` hook. Fail-open by default so an unreachable preflight never hard-blocks a payment.
+
+This is the independent **pre-spend** layer — it does not settle, route, or hold funds. It works where
+your code receives an exposed 402 (e.g. direct `@x402/fetch` or raw merchant calls). 
+
+**ClawRouter / `@blockrun/clawrouter` note:** The local :8402 proxy signs internally and returns 200 (no
+outer 402 is visible). Use the pre-proxy hook from the `twzrd-clawrouter` skill (explicit call before the
+proxy) or an upstream `onBeforePayment` if ClawRouter exposes one. Same internalization applies to
+AgentCash's `fetch` (it handles 402 internally) — verify before assuming a wrapper sees it. The MCP
+`onPaymentRequested` hook covers clients that expose a payment callback.
+
+## Install
+
+```bash
+npm install twzrd-x402-gate
+```
+
+## Usage
+
+### Wrap any fetch that may receive a 402
+
+```ts
+import { wrapFetchWithTwzrdGate, resolveConfig } from "twzrd-x402-gate";
+
+const gatedFetch = wrapFetchWithTwzrdGate(fetch, resolveConfig());
+
+// On HTTP 402, the gate reads payTo from the x402 `accepts[0]`, runs preflight,
+// and THROWS if policy denies. On allow it returns the original 402 so your
+// x402 client attaches payment and retries as usual.
+const res = await gatedFetch("https://merchant.example/paid");
+```
+
+### As the @x402/mcp payment hook
+
+```ts
+import { defaultGate } from "twzrd-x402-gate";
+
+const client = createX402MCPClient({
+  onPaymentRequested: defaultGate.onPaymentRequested, // returns false to deny
+});
+```
+
+### Direct decision (no network wiring)
+
+```ts
+import { createTwzrdGate } from "twzrd-x402-gate";
+
+const gate = createTwzrdGate();
+const { approved, reason, card } = await gate.approvePayment({
+  payTo: "SELLER_WALLET_FROM_402",
+  resourceUrl: "https://merchant.example/paid",
+  priceUsdc: 0.003,
+});
+if (!approved) abort(reason);
+```
+
+## Policy
+
+A payment is **denied** when any of these hold (mirrors `scripts/twzrd_gate_agentcash_fetch.sh`):
+
+1. `decision ∈ blockDecisions` (default: `block`)
+2. `can_spend === false` — **only when `gateOnCanSpend` is true (default)**
+3. `trust_score < preflightMinScore` (default: `40`)
+
+Otherwise approved (`warn` is allowed with reason `twzrd_warn_allowed`). On preflight HTTP/network
+failure the gate **fails open** (approves) unless `failOpen` is disabled.
+
+> **ClawRouter / free-tier note:** the free preflight returns `can_spend=false` for most sellers
+> (including well-known ones), so the default policy will deny most unknown ClawRouter/BlockRun
+> sellers. To follow the "gate only on `decision=block`" policy documented in the `twzrd-clawrouter`
+> skill, set `gateOnCanSpend: false` (or `TWZRD_GATE_ON_CAN_SPEND=false`).
+
+## Config (overrides or env)
+
+| Option | Env | Default |
+|---|---|---|
+| `intelBase` | `TWZRD_INTEL_BASE` | `https://intel.twzrd.xyz` |
+| `preflightMinScore` | `TWZRD_PREFLIGHT_MIN_SCORE` | `40` |
+| `blockDecisions` | `TWZRD_BLOCK_DECISIONS` | `block` |
+| `failOpen` | `TWZRD_FAIL_OPEN` | `true` (`false`/`0` to disable) |
+| `gateOnCanSpend` | `TWZRD_GATE_ON_CAN_SPEND` | `true` (`false`/`0` = gate only on `decision`) |
+| `fetch` | — | global `fetch` |
+
+## Why pre-spend, not post-pay
+
+`GET /v1/intel/trust/{wallet}` is the **paid** (0.05 USDC) deep-intel surface — it is *not* a gate.
+`POST /v1/intel/preflight` is the **free** `ReadinessCard` for the pre-spend decision. This package
+only ever calls the free preflight; you decide whether to proceed before any USDC leaves your wallet.
+
+## License
+
+MIT

package/dist/config.d.ts

@@ -0,0 +1,11 @@
+import type { TwzrdGateConfig } from "./types.js";
+export type ResolvedTwzrdGateConfig = {
+    intelBase: string;
+    preflightMinScore: number;
+    blockDecisions: Set<string>;
+    failOpen: boolean;
+    gateOnCanSpend: boolean;
+    fetch: typeof fetch;
+};
+export declare function resolveConfig(overrides?: TwzrdGateConfig): ResolvedTwzrdGateConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,OAAO,KAAK,CAAC;CACrB,CAAC;AAYF,wBAAgB,aAAa,CAAC,SAAS,CAAC,EAAE,eAAe,GAAG,uBAAuB,CAuClF"}

package/dist/config.js

@@ -0,0 +1,36 @@
+function parseBlockDecisions(raw) {
+    const source = raw ?? "block";
+    return new Set(source
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean));
+}
+export function resolveConfig(overrides) {
+    const intelBase = (overrides?.intelBase ??
+        process.env.TWZRD_INTEL_BASE ??
+        "https://intel.twzrd.xyz").replace(/\/+$/, "");
+    const preflightMinScore = overrides?.preflightMinScore ??
+        Number(process.env.TWZRD_PREFLIGHT_MIN_SCORE ?? "40");
+    const blockDecisions = overrides?.blockDecisions != null
+        ? new Set([...overrides.blockDecisions].map((s) => s.trim()).filter(Boolean))
+        : parseBlockDecisions(process.env.TWZRD_BLOCK_DECISIONS);
+    const failOpen = overrides?.failOpen ??
+        (process.env.TWZRD_FAIL_OPEN !== "false" &&
+            process.env.TWZRD_FAIL_OPEN !== "0");
+    const gateOnCanSpend = overrides?.gateOnCanSpend ??
+        (process.env.TWZRD_GATE_ON_CAN_SPEND !== "false" &&
+            process.env.TWZRD_GATE_ON_CAN_SPEND !== "0");
+    const fetchFn = overrides?.fetch ?? globalThis.fetch;
+    if (typeof fetchFn !== "function") {
+        throw new Error("[twzrd-x402-gate] fetch is not available; pass config.fetch");
+    }
+    return {
+        intelBase,
+        preflightMinScore,
+        blockDecisions,
+        failOpen,
+        gateOnCanSpend,
+        fetch: fetchFn,
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAWA,SAAS,mBAAmB,CAAC,GAAuB;IAClD,MAAM,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC;IAC9B,OAAO,IAAI,GAAG,CACZ,MAAM;SACH,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAA2B;IACvD,MAAM,SAAS,GAAG,CAChB,SAAS,EAAE,SAAS;QACpB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,yBAAyB,CAC1B,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAEtB,MAAM,iBAAiB,GACrB,SAAS,EAAE,iBAAiB;QAC5B,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,IAAI,CAAC,CAAC;IAExD,MAAM,cAAc,GAClB,SAAS,EAAE,cAAc,IAAI,IAAI;QAC/B,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7E,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAE7D,MAAM,QAAQ,GACZ,SAAS,EAAE,QAAQ;QACnB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,OAAO;YACtC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,GAAG,CAAC,CAAC;IAEzC,MAAM,cAAc,GAClB,SAAS,EAAE,cAAc;QACzB,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,OAAO;YAC9C,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,GAAG,CAAC,CAAC;IAEjD,MAAM,OAAO,GAAG,SAAS,EAAE,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACrD,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IAED,OAAO;QACL,SAAS;QACT,iBAAiB;QACjB,cAAc;QACd,QAAQ;QACR,cAAc;QACd,KAAK,EAAE,OAAO;KACf,CAAC;AACJ,CAAC"}

package/dist/gate.d.ts

@@ -0,0 +1,19 @@
+import { type ResolvedTwzrdGateConfig } from "./config.js";
+import { buildPreflightInput, evaluateReadinessCard, twzrdApprovePayment, twzrdPreflight } from "./policy.js";
+import { payToFromRequirements, priceUsdcFromAmountMicro } from "./payto.js";
+import type { TwzrdApproveContext, TwzrdGateConfig, TwzrdPreflightInput, X402McpPaymentRequest } from "./types.js";
+export type TwzrdGate = {
+    readonly config: ResolvedTwzrdGateConfig;
+    preflight: (input: TwzrdPreflightInput) => ReturnType<typeof twzrdPreflight>;
+    approvePayment: (ctx: TwzrdApproveContext) => ReturnType<typeof twzrdApprovePayment>;
+    onPaymentRequested: (req: X402McpPaymentRequest) => Promise<boolean>;
+    wrapFetch: (innerFetch: typeof fetch) => typeof fetch;
+    evaluateReadinessCard: typeof evaluateReadinessCard;
+    buildPreflightInput: typeof buildPreflightInput;
+    payToFromRequirements: typeof payToFromRequirements;
+    priceUsdcFromAmountMicro: typeof priceUsdcFromAmountMicro;
+};
+export declare function createTwzrdGate(overrides?: TwzrdGateConfig): TwzrdGate;
+/** Default gate using process.env / global fetch */
+export declare const defaultGate: TwzrdGate;
+//# sourceMappingURL=gate.d.ts.map

package/dist/gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,KAAK,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAE1E,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACf,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE7E,OAAO,KAAK,EAAE,mBAAmB,EAAE,eAAe,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEnH,MAAM,MAAM,SAAS,GAAG;IACtB,QAAQ,CAAC,MAAM,EAAE,uBAAuB,CAAC;IACzC,SAAS,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,UAAU,CAAC,OAAO,cAAc,CAAC,CAAC;IAC7E,cAAc,EAAE,CAAC,GAAG,EAAE,mBAAmB,KAAK,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;IACrF,kBAAkB,EAAE,CAAC,GAAG,EAAE,qBAAqB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACrE,SAAS,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,KAAK,OAAO,KAAK,CAAC;IACtD,qBAAqB,EAAE,OAAO,qBAAqB,CAAC;IACpD,mBAAmB,EAAE,OAAO,mBAAmB,CAAC;IAChD,qBAAqB,EAAE,OAAO,qBAAqB,CAAC;IACpD,wBAAwB,EAAE,OAAO,wBAAwB,CAAC;CAC3D,CAAC;AAEF,wBAAgB,eAAe,CAAC,SAAS,CAAC,EAAE,eAAe,GAAG,SAAS,CAatE;AAED,oDAAoD;AACpD,eAAO,MAAM,WAAW,EAAE,SAA6B,CAAC"}

package/dist/gate.js

@@ -0,0 +1,22 @@
+import { resolveConfig } from "./config.js";
+import { twzrdOnPaymentRequested } from "./mcp-hook.js";
+import { buildPreflightInput, evaluateReadinessCard, twzrdApprovePayment, twzrdPreflight, } from "./policy.js";
+import { payToFromRequirements, priceUsdcFromAmountMicro } from "./payto.js";
+import { wrapFetchWithTwzrdGate } from "./wrap-fetch.js";
+export function createTwzrdGate(overrides) {
+    const config = resolveConfig(overrides);
+    return {
+        config,
+        preflight: (input) => twzrdPreflight(input, config),
+        approvePayment: (ctx) => twzrdApprovePayment(ctx, config),
+        onPaymentRequested: (req) => twzrdOnPaymentRequested(req, config),
+        wrapFetch: (inner) => wrapFetchWithTwzrdGate(inner, config),
+        evaluateReadinessCard,
+        buildPreflightInput,
+        payToFromRequirements,
+        priceUsdcFromAmountMicro,
+    };
+}
+/** Default gate using process.env / global fetch */
+export const defaultGate = createTwzrdGate();
+//# sourceMappingURL=gate.js.map

package/dist/gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.js","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAgC,MAAM,aAAa,CAAC;AAC1E,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,GACf,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAezD,MAAM,UAAU,eAAe,CAAC,SAA2B;IACzD,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IACxC,OAAO;QACL,MAAM;QACN,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC;QACnD,cAAc,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC;QACzD,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC;QACjE,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC;QAC3D,qBAAqB;QACrB,mBAAmB;QACnB,qBAAqB;QACrB,wBAAwB;KACzB,CAAC;AACJ,CAAC;AAED,oDAAoD;AACpD,MAAM,CAAC,MAAM,WAAW,GAAc,eAAe,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export { createTwzrdGate, defaultGate, type TwzrdGate } from "./gate.js";
+export { resolveConfig, type ResolvedTwzrdGateConfig } from "./config.js";
+export { evaluateReadinessCard, buildPreflightInput, twzrdPreflight, twzrdApprovePayment, type PolicyEvaluateInput, } from "./policy.js";
+export { payToFromRequirements, priceUsdcFromAmountMicro } from "./payto.js";
+export { twzrdOnPaymentRequested } from "./mcp-hook.js";
+export { wrapFetchWithTwzrdGate } from "./wrap-fetch.js";
+export type { TwzrdDecision, TwzrdReadinessCard, TwzrdPreflightInput, TwzrdGateConfig, TwzrdApproveContext, TwzrdApprovalResult, X402PaymentRequirements, X402PaymentRequiredBody, X402McpPaymentRequest, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,KAAK,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACd,mBAAmB,EACnB,KAAK,mBAAmB,GACzB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,YAAY,EACV,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,uBAAuB,EACvB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+export { createTwzrdGate, defaultGate } from "./gate.js";
+export { resolveConfig } from "./config.js";
+export { evaluateReadinessCard, buildPreflightInput, twzrdPreflight, twzrdApprovePayment, } from "./policy.js";
+export { payToFromRequirements, priceUsdcFromAmountMicro } from "./payto.js";
+export { twzrdOnPaymentRequested } from "./mcp-hook.js";
+export { wrapFetchWithTwzrdGate } from "./wrap-fetch.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAkB,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,aAAa,EAAgC,MAAM,aAAa,CAAC;AAC1E,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACd,mBAAmB,GAEpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/mcp-hook.d.ts

@@ -0,0 +1,8 @@
+import type { ResolvedTwzrdGateConfig } from "./config.js";
+import type { X402McpPaymentRequest } from "./types.js";
+/**
+ * x402 MCP client hook. Wire as `onPaymentRequested` on createX402MCPClient.
+ * Returns false to deny the payment, true to allow.
+ */
+export declare function twzrdOnPaymentRequested(req: X402McpPaymentRequest, config?: ResolvedTwzrdGateConfig): Promise<boolean>;
+//# sourceMappingURL=mcp-hook.d.ts.map

package/dist/mcp-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-hook.d.ts","sourceRoot":"","sources":["../src/mcp-hook.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,KAAK,EAAE,qBAAqB,EAA2B,MAAM,YAAY,CAAC;AAEjF;;;GAGG;AACH,wBAAsB,uBAAuB,CAC3C,GAAG,EAAE,qBAAqB,EAC1B,MAAM,CAAC,EAAE,uBAAuB,GAC/B,OAAO,CAAC,OAAO,CAAC,CA2BlB"}

package/dist/mcp-hook.js

@@ -0,0 +1,30 @@
+import { payToFromRequirements, priceUsdcFromAmountMicro } from "./payto.js";
+import { twzrdApprovePayment } from "./policy.js";
+/**
+ * x402 MCP client hook. Wire as `onPaymentRequested` on createX402MCPClient.
+ * Returns false to deny the payment, true to allow.
+ */
+export async function twzrdOnPaymentRequested(req, config) {
+    const first = (req.accepts?.[0] ?? {});
+    const { payTo, amountMicro, resource } = payToFromRequirements(first);
+    const priceUsdc = priceUsdcFromAmountMicro(amountMicro);
+    const { approved, card, reason } = await twzrdApprovePayment({
+        resourceUrl: req.context?.resource ?? resource,
+        resourceName: req.context?.toolName,
+        sellerWallet: req.context?.sellerWallet,
+        payTo,
+        priceUsdc,
+        buyerWallet: req.context?.buyerWallet,
+        agentIntent: "x402_mcp_onPaymentRequested",
+    }, config);
+    if (!approved) {
+        console.warn("[twzrd] blocked x402 payment:", reason, {
+            payTo,
+            resource,
+            decision: card.decision,
+            trust_score: card.trust_score,
+        });
+    }
+    return approved;
+}
+//# sourceMappingURL=mcp-hook.js.map

package/dist/mcp-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-hook.js","sourceRoot":"","sources":["../src/mcp-hook.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAA0B,EAC1B,MAAgC;IAEhC,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAA4B,CAAC;IAClE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,wBAAwB,CAAC,WAAW,CAAC,CAAC;IAExD,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,mBAAmB,CAC1D;QACE,WAAW,EAAE,GAAG,CAAC,OAAO,EAAE,QAAQ,IAAI,QAAQ;QAC9C,YAAY,EAAE,GAAG,CAAC,OAAO,EAAE,QAAQ;QACnC,YAAY,EAAE,GAAG,CAAC,OAAO,EAAE,YAAY;QACvC,KAAK;QACL,SAAS;QACT,WAAW,EAAE,GAAG,CAAC,OAAO,EAAE,WAAW;QACrC,WAAW,EAAE,6BAA6B;KAC3C,EACD,MAAM,CACP,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,+BAA+B,EAAE,MAAM,EAAE;YACpD,KAAK;YACL,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/payto.d.ts

@@ -0,0 +1,8 @@
+import type { X402PaymentRequirements } from "./types.js";
+export declare function payToFromRequirements(req: X402PaymentRequirements): {
+    payTo: string | undefined;
+    amountMicro: string | undefined;
+    resource: string | undefined;
+};
+export declare function priceUsdcFromAmountMicro(amountMicro: string | undefined): number | undefined;
+//# sourceMappingURL=payto.d.ts.map

package/dist/payto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"payto.d.ts","sourceRoot":"","sources":["../src/payto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAE1D,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,uBAAuB,GAAG;IACnE,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B,CAIA;AAED,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,MAAM,GAAG,SAAS,CAKpB"}

package/dist/payto.js

@@ -0,0 +1,14 @@
+export function payToFromRequirements(req) {
+    const payTo = req.payTo ?? req.pay_to;
+    const amountMicro = req.maxAmountRequired ?? req.amount;
+    return { payTo, amountMicro, resource: req.resource };
+}
+export function priceUsdcFromAmountMicro(amountMicro) {
+    if (amountMicro == null || amountMicro === "")
+        return undefined;
+    const n = Number(amountMicro);
+    if (!Number.isFinite(n))
+        return undefined;
+    return n / 1_000_000;
+}
+//# sourceMappingURL=payto.js.map

package/dist/payto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payto.js","sourceRoot":"","sources":["../src/payto.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,qBAAqB,CAAC,GAA4B;IAKhE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC;IACtC,MAAM,WAAW,GAAG,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,MAAM,CAAC;IACxD,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,WAA+B;IAE/B,IAAI,WAAW,IAAI,IAAI,IAAI,WAAW,KAAK,EAAE;QAAE,OAAO,SAAS,CAAC;IAChE,MAAM,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1C,OAAO,CAAC,GAAG,SAAS,CAAC;AACvB,CAAC"}

package/dist/policy.d.ts

@@ -0,0 +1,17 @@
+import { type ResolvedTwzrdGateConfig } from "./config.js";
+import type { TwzrdApprovalResult, TwzrdApproveContext, TwzrdPreflightInput, TwzrdReadinessCard } from "./types.js";
+export type PolicyEvaluateInput = {
+    card: TwzrdReadinessCard;
+    preflightMinScore: number;
+    blockDecisions: Set<string>;
+    /** Deny on can_spend=false. Default true when omitted. */
+    gateOnCanSpend?: boolean;
+};
+/**
+ * Pure policy — no network. Mirrors scripts/twzrd_gate_agentcash_fetch.sh semantics.
+ */
+export declare function evaluateReadinessCard(input: PolicyEvaluateInput): TwzrdApprovalResult;
+export declare function buildPreflightInput(context: TwzrdApproveContext): TwzrdPreflightInput;
+export declare function twzrdPreflight(input: TwzrdPreflightInput, config?: ResolvedTwzrdGateConfig): Promise<TwzrdReadinessCard>;
+export declare function twzrdApprovePayment(context: TwzrdApproveContext, config?: ResolvedTwzrdGateConfig): Promise<TwzrdApprovalResult>;
+//# sourceMappingURL=policy.d.ts.map

package/dist/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,KAAK,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,kBAAkB,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,0DAA0D;IAC1D,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,mBAAmB,GAAG,mBAAmB,CAuBrF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,mBAAmB,GAAG,mBAAmB,CAWrF;AAED,wBAAsB,cAAc,CAClC,KAAK,EAAE,mBAAmB,EAC1B,MAAM,CAAC,EAAE,uBAAuB,GAC/B,OAAO,CAAC,kBAAkB,CAAC,CAc7B;AAED,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,mBAAmB,EAC5B,MAAM,CAAC,EAAE,uBAAuB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAoB9B"}

package/dist/policy.js

@@ -0,0 +1,75 @@
+import { resolveConfig } from "./config.js";
+/**
+ * Pure policy — no network. Mirrors scripts/twzrd_gate_agentcash_fetch.sh semantics.
+ */
+export function evaluateReadinessCard(input) {
+    const { card, preflightMinScore, blockDecisions, gateOnCanSpend } = input;
+    const decision = card.decision ?? "warn";
+    const score = card.trust_score ?? 0;
+    if (blockDecisions.has(decision)) {
+        return { approved: false, card, reason: `twzrd_decision_${decision}` };
+    }
+    if (gateOnCanSpend !== false && card.can_spend === false) {
+        return { approved: false, card, reason: "twzrd_can_spend_false" };
+    }
+    if (score < preflightMinScore) {
+        return {
+            approved: false,
+            card,
+            reason: `twzrd_score_${score}_below_${preflightMinScore}`,
+        };
+    }
+    return {
+        approved: true,
+        card,
+        reason: decision === "warn" ? "twzrd_warn_allowed" : "twzrd_allow",
+    };
+}
+export function buildPreflightInput(context) {
+    const seller = context.sellerWallet ?? context.payTo;
+    return {
+        resource_name: context.resourceName ?? context.resourceUrl ?? "unknown_x402_resource",
+        seller_wallet: seller,
+        resource_url: context.resourceUrl,
+        price_usdc: context.priceUsdc,
+        buyer_wallet: context.buyerWallet,
+        agent_intent: context.agentIntent ?? "x402_payment_gate",
+    };
+}
+export async function twzrdPreflight(input, config) {
+    const cfg = config ?? resolveConfig();
+    const resp = await cfg.fetch(`${cfg.intelBase}/v1/intel/preflight`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify(input),
+    });
+    if (!resp.ok) {
+        throw new Error(`[twzrd] preflight HTTP ${resp.status}`);
+    }
+    const data = (await resp.json());
+    return data.readiness_card ?? data;
+}
+export async function twzrdApprovePayment(context, config) {
+    const cfg = config ?? resolveConfig();
+    try {
+        const card = await twzrdPreflight(buildPreflightInput(context), cfg);
+        return evaluateReadinessCard({
+            card,
+            preflightMinScore: cfg.preflightMinScore,
+            blockDecisions: cfg.blockDecisions,
+            gateOnCanSpend: cfg.gateOnCanSpend,
+        });
+    }
+    catch (err) {
+        if (!cfg.failOpen)
+            throw err;
+        // fail-open: preflight unreachable must not hard-block the agent's payment
+        return {
+            approved: true,
+            card: {},
+            reason: "twzrd_fail_open",
+            failOpen: true,
+        };
+    }
+}
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAgC,MAAM,aAAa,CAAC;AAgB1E;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAA0B;IAC9D,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,cAAc,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAC1E,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IAEpC,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,QAAQ,EAAE,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,cAAc,KAAK,KAAK,IAAI,IAAI,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;QACzD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IACpE,CAAC;IACD,IAAI,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAC9B,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,IAAI;YACJ,MAAM,EAAE,eAAe,KAAK,UAAU,iBAAiB,EAAE;SAC1D,CAAC;IACJ,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,IAAI;QACJ,MAAM,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,aAAa;KACnE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAA4B;IAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC;IACrD,OAAO;QACL,aAAa,EACX,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,WAAW,IAAI,uBAAuB;QACxE,aAAa,EAAE,MAAM;QACrB,YAAY,EAAE,OAAO,CAAC,WAAW;QACjC,UAAU,EAAE,OAAO,CAAC,SAAS;QAC7B,YAAY,EAAE,OAAO,CAAC,WAAW;QACjC,YAAY,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;KACzD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAA0B,EAC1B,MAAgC;IAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,aAAa,EAAE,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,SAAS,qBAAqB,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;KAC5B,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAET,CAAC;IACvB,OAAO,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC;AACrC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAA4B,EAC5B,MAAgC;IAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,aAAa,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;QACrE,OAAO,qBAAqB,CAAC;YAC3B,IAAI;YACJ,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;YACxC,cAAc,EAAE,GAAG,CAAC,cAAc;YAClC,cAAc,EAAE,GAAG,CAAC,cAAc;SACnC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,MAAM,GAAG,CAAC;QAC7B,2EAA2E;QAC3E,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,EAAE;YACR,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,IAAI;SACf,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,76 @@
+export type TwzrdDecision = "allow" | "warn" | "block";
+export type TwzrdReadinessCard = {
+    decision?: TwzrdDecision;
+    trust_score?: number;
+    can_spend?: boolean;
+    proof?: unknown;
+    caveats?: string[];
+    resource_name?: string;
+    seller_wallet?: string;
+};
+export type TwzrdPreflightInput = {
+    resource_name: string;
+    seller_wallet?: string;
+    resource_url?: string;
+    price_usdc?: number;
+    buyer_wallet?: string;
+    agent_intent?: string;
+};
+export type TwzrdGateConfig = {
+    /** Base URL without trailing slash. Default: TWZRD_INTEL_BASE or https://intel.twzrd.xyz */
+    intelBase?: string;
+    /** Block when trust_score is below this. Default: 40 */
+    preflightMinScore?: number;
+    /** decision values that deny payment. Default: ["block"] */
+    blockDecisions?: Iterable<string>;
+    /** On preflight HTTP/network failure, approve payment. Default: true */
+    failOpen?: boolean;
+    /**
+     * Deny when the card reports can_spend=false. Default: true.
+     * Free-tier preflight returns can_spend=false for most sellers (including
+     * well-known ones), so set false to follow the "gate only on decision=block"
+     * policy documented for ClawRouter/BlockRun in the twzrd-clawrouter skill.
+     */
+    gateOnCanSpend?: boolean;
+    /** Custom fetch (for tests or non-Node runtimes). Default: global fetch */
+    fetch?: typeof fetch;
+};
+export type TwzrdApproveContext = {
+    resourceUrl?: string;
+    resourceName?: string;
+    sellerWallet?: string;
+    payTo?: string;
+    priceUsdc?: number;
+    buyerWallet?: string;
+    agentIntent?: string;
+};
+export type TwzrdApprovalResult = {
+    approved: boolean;
+    card: TwzrdReadinessCard;
+    reason: string;
+    /** true when fail-open allowed payment after preflight error */
+    failOpen?: boolean;
+};
+export type X402PaymentRequirements = {
+    payTo?: string;
+    pay_to?: string;
+    maxAmountRequired?: string;
+    amount?: string;
+    resource?: string;
+    description?: string;
+};
+export type X402PaymentRequiredBody = {
+    accepts?: Array<Record<string, unknown>>;
+    x402Version?: number;
+};
+export type X402McpPaymentRequest = {
+    accepts?: Array<Record<string, unknown>>;
+    context?: {
+        resource?: string;
+        toolName?: string;
+        counterparty?: string;
+        sellerWallet?: string;
+        buyerWallet?: string;
+    };
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAEvD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,4FAA4F;IAC5F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wDAAwD;IACxD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,4DAA4D;IAC5D,cAAc,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClC,wEAAwE;IACxE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,2EAA2E;IAC3E,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,kBAAkB,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACzC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH,CAAC"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/wrap-fetch.d.ts

@@ -0,0 +1,7 @@
+import type { ResolvedTwzrdGateConfig } from "./config.js";
+/**
+ * Wrap fetch: on HTTP 402, run TWZRD preflight on payTo before caller retries with payment.
+ * Throws if policy denies; returns original 402 if approved (caller attaches payment).
+ */
+export declare function wrapFetchWithTwzrdGate(innerFetch: typeof fetch, config?: ResolvedTwzrdGateConfig): typeof fetch;
+//# sourceMappingURL=wrap-fetch.d.ts.map

package/dist/wrap-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrap-fetch.d.ts","sourceRoot":"","sources":["../src/wrap-fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAc3D;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,OAAO,KAAK,EACxB,MAAM,CAAC,EAAE,uBAAuB,GAC/B,OAAO,KAAK,CA+Bd"}

package/dist/wrap-fetch.js

@@ -0,0 +1,41 @@
+import { payToFromRequirements } from "./payto.js";
+import { twzrdApprovePayment } from "./policy.js";
+function requestUrl(input) {
+    if (typeof input === "string")
+        return input;
+    if (input instanceof URL)
+        return input.href;
+    return input.url;
+}
+/**
+ * Wrap fetch: on HTTP 402, run TWZRD preflight on payTo before caller retries with payment.
+ * Throws if policy denies; returns original 402 if approved (caller attaches payment).
+ */
+export function wrapFetchWithTwzrdGate(innerFetch, config) {
+    return async (input, init) => {
+        const resp = await innerFetch(input, init);
+        if (resp.status !== 402)
+            return resp;
+        let body = {};
+        try {
+            body = (await resp.clone().json());
+        }
+        catch {
+            // 402 without a parseable x402 body — nothing to gate on; pass through
+            return resp;
+        }
+        const first = (body.accepts?.[0] ?? {});
+        const { payTo, resource } = payToFromRequirements(first);
+        const url = requestUrl(input);
+        const { approved, reason } = await twzrdApprovePayment({
+            resourceUrl: resource ?? url,
+            payTo,
+            agentIntent: "wrapFetch_402_gate",
+        }, config);
+        if (!approved) {
+            throw new Error(`[twzrd] payment blocked: ${reason} payTo=${payTo} url=${url}`);
+        }
+        return resp;
+    };
+}
+//# sourceMappingURL=wrap-fetch.js.map

package/dist/wrap-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrap-fetch.js","sourceRoot":"","sources":["../src/wrap-fetch.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAMlD,SAAS,UAAU,CAAC,KAAiB;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,KAAK,YAAY,GAAG;QAAE,OAAO,KAAK,CAAC,IAAI,CAAC;IAC5C,OAAO,KAAK,CAAC,GAAG,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAwB,EACxB,MAAgC;IAEhC,OAAO,KAAK,EAAE,KAAiB,EAAE,IAAgB,EAAqB,EAAE;QACtE,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAErC,IAAI,IAAI,GAA4B,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAA4B,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,uEAAuE;YACvE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAA4B,CAAC;QACnE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAE9B,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,mBAAmB,CACpD;YACE,WAAW,EAAE,QAAQ,IAAI,GAAG;YAC5B,KAAK;YACL,WAAW,EAAE,oBAAoB;SAClC,EACD,MAAM,CACP,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,MAAM,UAAU,KAAK,QAAQ,GAAG,EAAE,CAAC,CAAC;QAClF,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "twzrd-x402-gate",
+  "version": "0.1.0",
+  "description": "Buyer-side x402 trust gate. Run a free TWZRD preflight (ReadinessCard) before signing USDC to any x402 merchant. Wraps fetch (HTTP 402) and the @x402/mcp onPaymentRequested hook; fail-open on preflight unavailability.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "tsc",
+    "typecheck": "tsc --noEmit",
+    "test": "tsx test/policy.test.ts && tsx test/wrap-fetch.test.ts && tsx test/mcp-hook.test.ts"
+  },
+  "keywords": [
+    "x402",
+    "twzrd",
+    "preflight",
+    "trust",
+    "readiness-card",
+    "solana",
+    "usdc",
+    "clawrouter",
+    "blockrun",
+    "agent",
+    "mcp"
+  ],
+  "homepage": "https://intel.twzrd.xyz",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "tsx": "^4.7.0",
+    "typescript": "^5.4.0"
+  }
+}