npm - x402check - Versions diffs - 0.2.0 → 0.3.1 - Mend

x402check 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/cli.mjs ADDED Viewed

@@ -0,0 +1,2353 @@
+#!/usr/bin/env node
+import { existsSync, readFileSync } from "node:fs";
+import { resolve as resolve$1 } from "node:path";
+//#region src/types/errors.ts
+/**
+* Error and warning code vocabulary for x402check
+*/
+const ErrorCode = {
+	INVALID_JSON: "INVALID_JSON",
+	NOT_OBJECT: "NOT_OBJECT",
+	UNKNOWN_FORMAT: "UNKNOWN_FORMAT",
+	MISSING_VERSION: "MISSING_VERSION",
+	INVALID_VERSION: "INVALID_VERSION",
+	MISSING_ACCEPTS: "MISSING_ACCEPTS",
+	EMPTY_ACCEPTS: "EMPTY_ACCEPTS",
+	INVALID_ACCEPTS: "INVALID_ACCEPTS",
+	MISSING_SCHEME: "MISSING_SCHEME",
+	MISSING_NETWORK: "MISSING_NETWORK",
+	INVALID_NETWORK_FORMAT: "INVALID_NETWORK_FORMAT",
+	MISSING_AMOUNT: "MISSING_AMOUNT",
+	INVALID_AMOUNT: "INVALID_AMOUNT",
+	ZERO_AMOUNT: "ZERO_AMOUNT",
+	MISSING_ASSET: "MISSING_ASSET",
+	MISSING_PAY_TO: "MISSING_PAY_TO",
+	MISSING_RESOURCE: "MISSING_RESOURCE",
+	INVALID_URL: "INVALID_URL",
+	INVALID_TIMEOUT: "INVALID_TIMEOUT",
+	INVALID_EVM_ADDRESS: "INVALID_EVM_ADDRESS",
+	BAD_EVM_CHECKSUM: "BAD_EVM_CHECKSUM",
+	NO_EVM_CHECKSUM: "NO_EVM_CHECKSUM",
+	INVALID_SOLANA_ADDRESS: "INVALID_SOLANA_ADDRESS",
+	ADDRESS_NETWORK_MISMATCH: "ADDRESS_NETWORK_MISMATCH",
+	INVALID_BAZAAR_INFO: "INVALID_BAZAAR_INFO",
+	INVALID_BAZAAR_SCHEMA: "INVALID_BAZAAR_SCHEMA",
+	INVALID_BAZAAR_INFO_INPUT: "INVALID_BAZAAR_INFO_INPUT",
+	INVALID_OUTPUT_SCHEMA: "INVALID_OUTPUT_SCHEMA",
+	INVALID_OUTPUT_SCHEMA_INPUT: "INVALID_OUTPUT_SCHEMA_INPUT",
+	MISSING_INPUT_SCHEMA: "MISSING_INPUT_SCHEMA",
+	UNKNOWN_NETWORK: "UNKNOWN_NETWORK",
+	UNKNOWN_ASSET: "UNKNOWN_ASSET",
+	LEGACY_FORMAT: "LEGACY_FORMAT",
+	MISSING_MAX_TIMEOUT: "MISSING_MAX_TIMEOUT"
+};
+/**
+* Human-readable error messages for all error codes
+*/
+const ErrorMessages = {
+	INVALID_JSON: "Input is not valid JSON",
+	NOT_OBJECT: "Input must be an object",
+	UNKNOWN_FORMAT: "Missing required x402Version field (must be 1 or 2)",
+	MISSING_VERSION: "Missing required field: x402Version",
+	INVALID_VERSION: "Invalid x402Version value (must be 1 or 2)",
+	MISSING_ACCEPTS: "Missing required field: accepts",
+	EMPTY_ACCEPTS: "accepts array cannot be empty",
+	INVALID_ACCEPTS: "accepts must be an array",
+	MISSING_SCHEME: "Missing required field: scheme",
+	MISSING_NETWORK: "Missing required field: network",
+	INVALID_NETWORK_FORMAT: "Network must use CAIP-2 format (namespace:reference), e.g. eip155:8453",
+	MISSING_AMOUNT: "Missing required field: amount",
+	INVALID_AMOUNT: "Amount must be a numeric string in atomic units",
+	ZERO_AMOUNT: "Amount must be greater than zero",
+	MISSING_ASSET: "Missing required field: asset",
+	MISSING_PAY_TO: "Missing required field: payTo",
+	MISSING_RESOURCE: "Missing required field: resource",
+	INVALID_URL: "resource.url is not a valid URL format",
+	INVALID_TIMEOUT: "maxTimeoutSeconds must be a positive integer",
+	INVALID_EVM_ADDRESS: "Invalid EVM address format",
+	BAD_EVM_CHECKSUM: "EVM address has invalid checksum",
+	NO_EVM_CHECKSUM: "EVM address is all-lowercase with no checksum protection",
+	INVALID_SOLANA_ADDRESS: "Invalid Solana address format",
+	ADDRESS_NETWORK_MISMATCH: "Address format does not match network type",
+	INVALID_BAZAAR_INFO: "extensions.bazaar.info must be an object with input and output",
+	INVALID_BAZAAR_SCHEMA: "extensions.bazaar.schema must be a valid JSON Schema object",
+	INVALID_BAZAAR_INFO_INPUT: "extensions.bazaar.info.input must include type and method",
+	INVALID_OUTPUT_SCHEMA: "accepts[i].outputSchema must be an object with input and output",
+	INVALID_OUTPUT_SCHEMA_INPUT: "accepts[i].outputSchema.input must include type and method",
+	MISSING_INPUT_SCHEMA: "No input schema found (no bazaar extension or outputSchema) -- consider adding one so agents know how to call your API",
+	UNKNOWN_NETWORK: "Network is not in the known registry -- config may still work but cannot be fully validated",
+	UNKNOWN_ASSET: "Asset is not in the known registry -- config may still work but cannot be fully validated",
+	LEGACY_FORMAT: "Config uses legacy flat format -- consider upgrading to x402 v2",
+	MISSING_MAX_TIMEOUT: "Consider adding maxTimeoutSeconds for better security"
+};
+//#endregion
+//#region src/types/parse-input.ts
+/**
+* Parse input that may be either a JSON string or an object
+* API-04: Accept string | object
+*/
+function parseInput(input) {
+	if (typeof input === "string") try {
+		return { parsed: JSON.parse(input) };
+	} catch {
+		return {
+			parsed: null,
+			error: {
+				code: ErrorCode.INVALID_JSON,
+				field: "$",
+				message: ErrorMessages.INVALID_JSON,
+				severity: "error"
+			}
+		};
+	}
+	return { parsed: input };
+}
+//#endregion
+//#region src/detection/guards.ts
+/**
+* Check if value is a non-null, non-array object
+*/
+function isRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+/**
+* Check if config has an accepts array
+*/
+function hasAcceptsArray(config) {
+	return "accepts" in config && Array.isArray(config.accepts);
+}
+/**
+* Type guard for v2 config
+* Checks for accepts array + x402Version: 2
+* Note: resource is required by spec but its absence is a validation error, not a detection failure
+*/
+function isV2Config(value) {
+	if (!isRecord(value)) return false;
+	if (!hasAcceptsArray(value)) return false;
+	return "x402Version" in value && value.x402Version === 2;
+}
+/**
+* Type guard for v1 config
+* Checks for accepts array + x402Version: 1
+*/
+function isV1Config(value) {
+	if (!isRecord(value)) return false;
+	if (!hasAcceptsArray(value)) return false;
+	return "x402Version" in value && value.x402Version === 1;
+}
+//#endregion
+//#region src/detection/detect.ts
+/**
+* Detect the format of an x402 config
+*
+* @param input - JSON string or parsed object
+* @returns ConfigFormat literal: 'v2' | 'v1' | 'unknown'
+*
+* Detection requires x402Version field:
+* 1. v2: accepts array + x402Version: 2
+* 2. v1: accepts array + x402Version: 1
+* 3. unknown: anything else (including versionless configs)
+*/
+function detect(input) {
+	const { parsed, error } = parseInput(input);
+	if (error) return "unknown";
+	if (isV2Config(parsed)) return "v2";
+	if (isV1Config(parsed)) return "v1";
+	return "unknown";
+}
+//#endregion
+//#region src/detection/normalize.ts
+/**
+* Normalize any x402 config format to canonical v2 shape
+*
+* @param input - JSON string or parsed object
+* @returns NormalizedConfig or null if format is unknown/invalid
+*
+* Normalization rules:
+* - v2: Pass through with new object (FMT-07)
+* - v1: Map maxAmountRequired → amount, lift per-entry resource (FMT-06)
+* - unknown: Return null
+*
+* All transformations preserve extensions and extra fields (FMT-08)
+*/
+function normalize$1(input) {
+	const { parsed, error } = parseInput(input);
+	if (error) return null;
+	const format = detect(parsed);
+	switch (format) {
+		case "v2": return normalizeV2(parsed);
+		case "v1": return normalizeV1ToV2(parsed);
+		case "unknown": return null;
+		default: return format;
+	}
+}
+/**
+* Normalize v2 config (pass-through with new object)
+* FMT-07: v2 configs are already canonical, just create new object
+*/
+function normalizeV2(config) {
+	const result = {
+		x402Version: 2,
+		accepts: [...config.accepts],
+		resource: config.resource
+	};
+	if (config.error !== void 0) result.error = config.error;
+	if (config.extensions !== void 0) result.extensions = config.extensions;
+	return result;
+}
+/**
+* Normalize v1 config to v2
+* FMT-06: Map maxAmountRequired → amount, lift per-entry resource to top level
+*/
+function normalizeV1ToV2(config) {
+	let topLevelResource = void 0;
+	const result = {
+		x402Version: 2,
+		accepts: config.accepts.map((entry) => {
+			if (entry.resource && !topLevelResource) topLevelResource = entry.resource;
+			const mapped = {
+				scheme: entry.scheme,
+				network: entry.network,
+				amount: entry.maxAmountRequired,
+				asset: entry.asset,
+				payTo: entry.payTo
+			};
+			if (entry.maxTimeoutSeconds !== void 0) mapped.maxTimeoutSeconds = entry.maxTimeoutSeconds;
+			if (entry.extra !== void 0) mapped.extra = entry.extra;
+			return mapped;
+		})
+	};
+	if (topLevelResource !== void 0) result.resource = topLevelResource;
+	if (config.error !== void 0) result.error = config.error;
+	if (config.extensions !== void 0) result.extensions = config.extensions;
+	return result;
+}
+//#endregion
+//#region src/registries/networks.ts
+const CAIP2_REGEX = /^[-a-z0-9]{3,8}:[-_a-zA-Z0-9]{1,32}$/;
+const KNOWN_NETWORKS = {
+	"eip155:8453": {
+		name: "Base",
+		type: "evm",
+		testnet: false
+	},
+	"eip155:84532": {
+		name: "Base Sepolia",
+		type: "evm",
+		testnet: true
+	},
+	"eip155:43114": {
+		name: "Avalanche C-Chain",
+		type: "evm",
+		testnet: false
+	},
+	"eip155:43113": {
+		name: "Avalanche Fuji",
+		type: "evm",
+		testnet: true
+	},
+	"solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp": {
+		name: "Solana Mainnet",
+		type: "solana",
+		testnet: false
+	},
+	"solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1": {
+		name: "Solana Devnet",
+		type: "solana",
+		testnet: true
+	},
+	"solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z": {
+		name: "Solana Testnet",
+		type: "solana",
+		testnet: true
+	},
+	"stellar:pubnet": {
+		name: "Stellar Mainnet",
+		type: "stellar",
+		testnet: false
+	},
+	"stellar:testnet": {
+		name: "Stellar Testnet",
+		type: "stellar",
+		testnet: true
+	},
+	"aptos:1": {
+		name: "Aptos Mainnet",
+		type: "aptos",
+		testnet: false
+	},
+	"aptos:2": {
+		name: "Aptos Testnet",
+		type: "aptos",
+		testnet: true
+	}
+};
+function isValidCaip2(value) {
+	return CAIP2_REGEX.test(value);
+}
+function isKnownNetwork(caip2) {
+	return caip2 in KNOWN_NETWORKS;
+}
+function getNetworkInfo(caip2) {
+	return KNOWN_NETWORKS[caip2];
+}
+function getNetworkNamespace(caip2) {
+	if (!isValidCaip2(caip2)) return;
+	const colonIndex = caip2.indexOf(":");
+	return colonIndex > 0 ? caip2.substring(0, colonIndex) : void 0;
+}
+//#endregion
+//#region ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/_u64.js
+/**
+* Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.
+* @todo re-check https://issues.chromium.org/issues/42212588
+* @module
+*/
+const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+const _32n = /* @__PURE__ */ BigInt(32);
+function fromBig(n, le = false) {
+	if (le) return {
+		h: Number(n & U32_MASK64),
+		l: Number(n >> _32n & U32_MASK64)
+	};
+	return {
+		h: Number(n >> _32n & U32_MASK64) | 0,
+		l: Number(n & U32_MASK64) | 0
+	};
+}
+function split(lst, le = false) {
+	const len = lst.length;
+	let Ah = new Uint32Array(len);
+	let Al = new Uint32Array(len);
+	for (let i = 0; i < len; i++) {
+		const { h, l } = fromBig(lst[i], le);
+		[Ah[i], Al[i]] = [h, l];
+	}
+	return [Ah, Al];
+}
+const rotlSH = (h, l, s) => h << s | l >>> 32 - s;
+const rotlSL = (h, l, s) => l << s | h >>> 32 - s;
+const rotlBH = (h, l, s) => l << s - 32 | h >>> 64 - s;
+const rotlBL = (h, l, s) => h << s - 32 | l >>> 64 - s;
+//#endregion
+//#region ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/utils.js
+/**
+* Utilities for hex, bytes, CSPRNG.
+* @module
+*/
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
+function isBytes$1(a) {
+	return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+/** Asserts something is positive integer. */
+function anumber$1(n, title = "") {
+	if (!Number.isSafeInteger(n) || n < 0) {
+		const prefix = title && `"${title}" `;
+		throw new Error(`${prefix}expected integer >= 0, got ${n}`);
+	}
+}
+/** Asserts something is Uint8Array. */
+function abytes$1(value, length, title = "") {
+	const bytes = isBytes$1(value);
+	const len = value?.length;
+	const needsLen = length !== void 0;
+	if (!bytes || needsLen && len !== length) {
+		const prefix = title && `"${title}" `;
+		const ofLen = needsLen ? ` of length ${length}` : "";
+		const got = bytes ? `length=${len}` : `type=${typeof value}`;
+		throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+	}
+	return value;
+}
+/** Asserts a hash instance has not been destroyed / finished */
+function aexists(instance, checkFinished = true) {
+	if (instance.destroyed) throw new Error("Hash instance has been destroyed");
+	if (checkFinished && instance.finished) throw new Error("Hash#digest() has already been called");
+}
+/** Asserts output is properly-sized byte array */
+function aoutput(out, instance) {
+	abytes$1(out, void 0, "digestInto() output");
+	const min = instance.outputLen;
+	if (out.length < min) throw new Error("\"digestInto() output\" expected to be of length >=" + min);
+}
+/** Cast u8 / u16 / u32 to u32. */
+function u32(arr) {
+	return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+/** Zeroize a byte array. Warning: JS provides no guarantees. */
+function clean(...arrays) {
+	for (let i = 0; i < arrays.length; i++) arrays[i].fill(0);
+}
+/** Is current platform little-endian? Most are. Big-Endian platform: IBM */
+const isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
+/** The byte swap operation for uint32 */
+function byteSwap(word) {
+	return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+}
+/** In place byte swap for Uint32Array */
+function byteSwap32(arr) {
+	for (let i = 0; i < arr.length; i++) arr[i] = byteSwap(arr[i]);
+	return arr;
+}
+const swap32IfBE = isLE ? (u) => u : byteSwap32;
+const hasHexBuiltin$1 = typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function";
+/** Creates function with outputLen, blockLen, create properties from a class constructor. */
+function createHasher(hashCons, info = {}) {
+	const hashC = (msg, opts) => hashCons(opts).update(msg).digest();
+	const tmp = hashCons(void 0);
+	hashC.outputLen = tmp.outputLen;
+	hashC.blockLen = tmp.blockLen;
+	hashC.create = (opts) => hashCons(opts);
+	Object.assign(hashC, info);
+	return Object.freeze(hashC);
+}
+//#endregion
+//#region ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/sha3.js
+/**
+* SHA3 (keccak) hash function, based on a new "Sponge function" design.
+* Different from older hashes, the internal state is bigger than output size.
+*
+* Check out [FIPS-202](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf),
+* [Website](https://keccak.team/keccak.html),
+* [the differences between SHA-3 and Keccak](https://crypto.stackexchange.com/questions/15727/what-are-the-key-differences-between-the-draft-sha-3-standard-and-the-keccak-sub).
+*
+* Check out `sha3-addons` module for cSHAKE, k12, and others.
+* @module
+*/
+const _0n = BigInt(0);
+const _1n = BigInt(1);
+const _2n = BigInt(2);
+const _7n = BigInt(7);
+const _256n = BigInt(256);
+const _0x71n = BigInt(113);
+const SHA3_PI = [];
+const SHA3_ROTL = [];
+const _SHA3_IOTA = [];
+for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
+	[x, y] = [y, (2 * x + 3 * y) % 5];
+	SHA3_PI.push(2 * (5 * y + x));
+	SHA3_ROTL.push((round + 1) * (round + 2) / 2 % 64);
+	let t = _0n;
+	for (let j = 0; j < 7; j++) {
+		R = (R << _1n ^ (R >> _7n) * _0x71n) % _256n;
+		if (R & _2n) t ^= _1n << (_1n << BigInt(j)) - _1n;
+	}
+	_SHA3_IOTA.push(t);
+}
+const IOTAS = split(_SHA3_IOTA, true);
+const SHA3_IOTA_H = IOTAS[0];
+const SHA3_IOTA_L = IOTAS[1];
+const rotlH = (h, l, s) => s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s);
+const rotlL = (h, l, s) => s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s);
+/** `keccakf1600` internal function, additionally allows to adjust round count. */
+function keccakP(s, rounds = 24) {
+	const B = new Uint32Array(10);
+	for (let round = 24 - rounds; round < 24; round++) {
+		for (let x = 0; x < 10; x++) B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
+		for (let x = 0; x < 10; x += 2) {
+			const idx1 = (x + 8) % 10;
+			const idx0 = (x + 2) % 10;
+			const B0 = B[idx0];
+			const B1 = B[idx0 + 1];
+			const Th = rotlH(B0, B1, 1) ^ B[idx1];
+			const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
+			for (let y = 0; y < 50; y += 10) {
+				s[x + y] ^= Th;
+				s[x + y + 1] ^= Tl;
+			}
+		}
+		let curH = s[2];
+		let curL = s[3];
+		for (let t = 0; t < 24; t++) {
+			const shift = SHA3_ROTL[t];
+			const Th = rotlH(curH, curL, shift);
+			const Tl = rotlL(curH, curL, shift);
+			const PI = SHA3_PI[t];
+			curH = s[PI];
+			curL = s[PI + 1];
+			s[PI] = Th;
+			s[PI + 1] = Tl;
+		}
+		for (let y = 0; y < 50; y += 10) {
+			for (let x = 0; x < 10; x++) B[x] = s[y + x];
+			for (let x = 0; x < 10; x++) s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
+		}
+		s[0] ^= SHA3_IOTA_H[round];
+		s[1] ^= SHA3_IOTA_L[round];
+	}
+	clean(B);
+}
+/** Keccak sponge function. */
+var Keccak = class Keccak {
+	state;
+	pos = 0;
+	posOut = 0;
+	finished = false;
+	state32;
+	destroyed = false;
+	blockLen;
+	suffix;
+	outputLen;
+	enableXOF = false;
+	rounds;
+	constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
+		this.blockLen = blockLen;
+		this.suffix = suffix;
+		this.outputLen = outputLen;
+		this.enableXOF = enableXOF;
+		this.rounds = rounds;
+		anumber$1(outputLen, "outputLen");
+		if (!(0 < blockLen && blockLen < 200)) throw new Error("only keccak-f1600 function is supported");
+		this.state = new Uint8Array(200);
+		this.state32 = u32(this.state);
+	}
+	clone() {
+		return this._cloneInto();
+	}
+	keccak() {
+		swap32IfBE(this.state32);
+		keccakP(this.state32, this.rounds);
+		swap32IfBE(this.state32);
+		this.posOut = 0;
+		this.pos = 0;
+	}
+	update(data) {
+		aexists(this);
+		abytes$1(data);
+		const { blockLen, state } = this;
+		const len = data.length;
+		for (let pos = 0; pos < len;) {
+			const take = Math.min(blockLen - this.pos, len - pos);
+			for (let i = 0; i < take; i++) state[this.pos++] ^= data[pos++];
+			if (this.pos === blockLen) this.keccak();
+		}
+		return this;
+	}
+	finish() {
+		if (this.finished) return;
+		this.finished = true;
+		const { state, suffix, pos, blockLen } = this;
+		state[pos] ^= suffix;
+		if ((suffix & 128) !== 0 && pos === blockLen - 1) this.keccak();
+		state[blockLen - 1] ^= 128;
+		this.keccak();
+	}
+	writeInto(out) {
+		aexists(this, false);
+		abytes$1(out);
+		this.finish();
+		const bufferOut = this.state;
+		const { blockLen } = this;
+		for (let pos = 0, len = out.length; pos < len;) {
+			if (this.posOut >= blockLen) this.keccak();
+			const take = Math.min(blockLen - this.posOut, len - pos);
+			out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+			this.posOut += take;
+			pos += take;
+		}
+		return out;
+	}
+	xofInto(out) {
+		if (!this.enableXOF) throw new Error("XOF is not possible for this instance");
+		return this.writeInto(out);
+	}
+	xof(bytes) {
+		anumber$1(bytes);
+		return this.xofInto(new Uint8Array(bytes));
+	}
+	digestInto(out) {
+		aoutput(out, this);
+		if (this.finished) throw new Error("digest() was already called");
+		this.writeInto(out);
+		this.destroy();
+		return out;
+	}
+	digest() {
+		return this.digestInto(new Uint8Array(this.outputLen));
+	}
+	destroy() {
+		this.destroyed = true;
+		clean(this.state);
+	}
+	_cloneInto(to) {
+		const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
+		to ||= new Keccak(blockLen, suffix, outputLen, enableXOF, rounds);
+		to.state32.set(this.state32);
+		to.pos = this.pos;
+		to.posOut = this.posOut;
+		to.finished = this.finished;
+		to.rounds = rounds;
+		to.suffix = suffix;
+		to.outputLen = outputLen;
+		to.enableXOF = enableXOF;
+		to.destroyed = this.destroyed;
+		return to;
+	}
+};
+const genKeccak = (suffix, blockLen, outputLen, info = {}) => createHasher(() => new Keccak(blockLen, suffix, outputLen), info);
+/** keccak-256 hash function. Different from SHA3-256. */
+const keccak_256 = /* @__PURE__ */ genKeccak(1, 136, 32);
+//#endregion
+//#region src/crypto/keccak256.ts
+/**
+* Keccak-256 hash function wrapper
+* Uses @noble/hashes for audited, tree-shakeable implementation
+*/
+/**
+* Compute Keccak-256 hash (NOT SHA-3)
+*
+* @param input - String or Uint8Array to hash
+* @returns Lowercase hex string (64 chars, no 0x prefix)
+*/
+function keccak256(input) {
+	const hash = keccak_256(typeof input === "string" ? new TextEncoder().encode(input) : input);
+	return Array.from(hash).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+//#endregion
+//#region src/crypto/eip55.ts
+/**
+* EIP-55 mixed-case checksum address encoding
+* Spec: https://eips.ethereum.org/EIPS/eip-55
+*/
+/**
+* Convert an Ethereum address to EIP-55 checksummed format
+*
+* @param address - 42-character hex address (0x-prefixed)
+* @returns Checksummed address with mixed case
+*/
+function toChecksumAddress(address) {
+	const lowerHex = address.slice(2).toLowerCase();
+	const hash = keccak256(lowerHex);
+	let result = "0x";
+	for (let i = 0; i < lowerHex.length; i++) {
+		const char = lowerHex[i];
+		const hashChar = hash[i];
+		if (!char || !hashChar) continue;
+		if (char >= "a" && char <= "f") result += parseInt(hashChar, 16) >= 8 ? char.toUpperCase() : char;
+		else result += char;
+	}
+	return result;
+}
+/**
+* Check if an address has valid EIP-55 checksum
+*
+* Returns false for all-lowercase or all-uppercase addresses
+* (these are valid formats but do not match their checksummed version)
+*
+* @param address - Address to validate
+* @returns True if checksum is valid
+*/
+function isValidChecksum(address) {
+	return address === toChecksumAddress(address);
+}
+//#endregion
+//#region src/validation/evm-address.ts
+/**
+* EVM address validation with EIP-55 checksum verification
+*/
+const EVM_ADDRESS_REGEX = /^0x[0-9a-fA-F]{40}$/;
+/**
+* Validate an EVM address format and checksum
+*
+* Returns errors for invalid format, warnings for checksum issues
+*
+* @param address - Address to validate
+* @param field - Field path for error reporting
+* @returns Array of validation issues (empty if valid)
+*/
+function validateEvmAddress(address, field) {
+	if (!EVM_ADDRESS_REGEX.test(address)) return [{
+		code: ErrorCode.INVALID_EVM_ADDRESS,
+		field,
+		message: "EVM address must be 42 hex characters with 0x prefix",
+		severity: "error",
+		fix: "Format: 0x followed by 40 hex digits (0-9, a-f, A-F)"
+	}];
+	const hexPart = address.slice(2);
+	if (address === address.toLowerCase() && /[a-f]/.test(hexPart)) return [{
+		code: ErrorCode.NO_EVM_CHECKSUM,
+		field,
+		message: "EVM address is all-lowercase with no checksum protection",
+		severity: "warning",
+		fix: `Use checksummed address to detect typos: ${toChecksumAddress(address)}`
+	}];
+	if (/^[0-9A-F]{40}$/.test(hexPart) && /[A-F]/.test(hexPart)) return [];
+	if (/^[0-9]{40}$/.test(hexPart)) return [];
+	if (!isValidChecksum(address)) return [{
+		code: ErrorCode.BAD_EVM_CHECKSUM,
+		field,
+		message: "EVM address has invalid checksum (EIP-55)",
+		severity: "warning",
+		fix: `Expected: ${toChecksumAddress(address)}`
+	}];
+	return [];
+}
+//#endregion
+//#region ../../node_modules/.pnpm/@scure+base@2.0.0/node_modules/@scure/base/index.js
+/*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function isBytes(a) {
+	return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+/** Asserts something is Uint8Array. */
+function abytes(b) {
+	if (!isBytes(b)) throw new Error("Uint8Array expected");
+}
+function isArrayOf(isString, arr) {
+	if (!Array.isArray(arr)) return false;
+	if (arr.length === 0) return true;
+	if (isString) return arr.every((item) => typeof item === "string");
+	else return arr.every((item) => Number.isSafeInteger(item));
+}
+function afn(input) {
+	if (typeof input !== "function") throw new Error("function expected");
+	return true;
+}
+function astr(label, input) {
+	if (typeof input !== "string") throw new Error(`${label}: string expected`);
+	return true;
+}
+function anumber(n) {
+	if (!Number.isSafeInteger(n)) throw new Error(`invalid integer: ${n}`);
+}
+function aArr(input) {
+	if (!Array.isArray(input)) throw new Error("array expected");
+}
+function astrArr(label, input) {
+	if (!isArrayOf(true, input)) throw new Error(`${label}: array of strings expected`);
+}
+function anumArr(label, input) {
+	if (!isArrayOf(false, input)) throw new Error(`${label}: array of numbers expected`);
+}
+/**
+* @__NO_SIDE_EFFECTS__
+*/
+function chain(...args) {
+	const id = (a) => a;
+	const wrap = (a, b) => (c) => a(b(c));
+	return {
+		encode: args.map((x) => x.encode).reduceRight(wrap, id),
+		decode: args.map((x) => x.decode).reduce(wrap, id)
+	};
+}
+/**
+* Encodes integer radix representation to array of strings using alphabet and back.
+* Could also be array of strings.
+* @__NO_SIDE_EFFECTS__
+*/
+function alphabet(letters) {
+	const lettersA = typeof letters === "string" ? letters.split("") : letters;
+	const len = lettersA.length;
+	astrArr("alphabet", lettersA);
+	const indexes = new Map(lettersA.map((l, i) => [l, i]));
+	return {
+		encode: (digits) => {
+			aArr(digits);
+			return digits.map((i) => {
+				if (!Number.isSafeInteger(i) || i < 0 || i >= len) throw new Error(`alphabet.encode: digit index outside alphabet "${i}". Allowed: ${letters}`);
+				return lettersA[i];
+			});
+		},
+		decode: (input) => {
+			aArr(input);
+			return input.map((letter) => {
+				astr("alphabet.decode", letter);
+				const i = indexes.get(letter);
+				if (i === void 0) throw new Error(`Unknown letter: "${letter}". Allowed: ${letters}`);
+				return i;
+			});
+		}
+	};
+}
+/**
+* @__NO_SIDE_EFFECTS__
+*/
+function join(separator = "") {
+	astr("join", separator);
+	return {
+		encode: (from) => {
+			astrArr("join.decode", from);
+			return from.join(separator);
+		},
+		decode: (to) => {
+			astr("join.decode", to);
+			return to.split(separator);
+		}
+	};
+}
+/**
+* Pad strings array so it has integer number of bits
+* @__NO_SIDE_EFFECTS__
+*/
+function padding(bits, chr = "=") {
+	anumber(bits);
+	astr("padding", chr);
+	return {
+		encode(data) {
+			astrArr("padding.encode", data);
+			while (data.length * bits % 8) data.push(chr);
+			return data;
+		},
+		decode(input) {
+			astrArr("padding.decode", input);
+			let end = input.length;
+			if (end * bits % 8) throw new Error("padding: invalid, string should have whole number of bytes");
+			for (; end > 0 && input[end - 1] === chr; end--) if ((end - 1) * bits % 8 === 0) throw new Error("padding: invalid, string has too much padding");
+			return input.slice(0, end);
+		}
+	};
+}
+/**
+* @__NO_SIDE_EFFECTS__
+*/
+function normalize(fn) {
+	afn(fn);
+	return {
+		encode: (from) => from,
+		decode: (to) => fn(to)
+	};
+}
+/**
+* Slow: O(n^2) time complexity
+*/
+function convertRadix(data, from, to) {
+	if (from < 2) throw new Error(`convertRadix: invalid from=${from}, base cannot be less than 2`);
+	if (to < 2) throw new Error(`convertRadix: invalid to=${to}, base cannot be less than 2`);
+	aArr(data);
+	if (!data.length) return [];
+	let pos = 0;
+	const res = [];
+	const digits = Array.from(data, (d) => {
+		anumber(d);
+		if (d < 0 || d >= from) throw new Error(`invalid integer: ${d}`);
+		return d;
+	});
+	const dlen = digits.length;
+	while (true) {
+		let carry = 0;
+		let done = true;
+		for (let i = pos; i < dlen; i++) {
+			const digit = digits[i];
+			const fromCarry = from * carry;
+			const digitBase = fromCarry + digit;
+			if (!Number.isSafeInteger(digitBase) || fromCarry / from !== carry || digitBase - digit !== fromCarry) throw new Error("convertRadix: carry overflow");
+			const div = digitBase / to;
+			carry = digitBase % to;
+			const rounded = Math.floor(div);
+			digits[i] = rounded;
+			if (!Number.isSafeInteger(rounded) || rounded * to + carry !== digitBase) throw new Error("convertRadix: carry overflow");
+			if (!done) continue;
+			else if (!rounded) pos = i;
+			else done = false;
+		}
+		res.push(carry);
+		if (done) break;
+	}
+	for (let i = 0; i < data.length - 1 && data[i] === 0; i++) res.push(0);
+	return res.reverse();
+}
+const gcd = (a, b) => b === 0 ? a : gcd(b, a % b);
+const radix2carry = /* @__NO_SIDE_EFFECTS__ */ (from, to) => from + (to - gcd(from, to));
+const powers = /* @__PURE__ */ (() => {
+	let res = [];
+	for (let i = 0; i < 40; i++) res.push(2 ** i);
+	return res;
+})();
+/**
+* Implemented with numbers, because BigInt is 5x slower
+*/
+function convertRadix2(data, from, to, padding) {
+	aArr(data);
+	if (from <= 0 || from > 32) throw new Error(`convertRadix2: wrong from=${from}`);
+	if (to <= 0 || to > 32) throw new Error(`convertRadix2: wrong to=${to}`);
+	if (/* @__PURE__ */ radix2carry(from, to) > 32) throw new Error(`convertRadix2: carry overflow from=${from} to=${to} carryBits=${/* @__PURE__ */ radix2carry(from, to)}`);
+	let carry = 0;
+	let pos = 0;
+	const max = powers[from];
+	const mask = powers[to] - 1;
+	const res = [];
+	for (const n of data) {
+		anumber(n);
+		if (n >= max) throw new Error(`convertRadix2: invalid data word=${n} from=${from}`);
+		carry = carry << from | n;
+		if (pos + from > 32) throw new Error(`convertRadix2: carry overflow pos=${pos} from=${from}`);
+		pos += from;
+		for (; pos >= to; pos -= to) res.push((carry >> pos - to & mask) >>> 0);
+		const pow = powers[pos];
+		if (pow === void 0) throw new Error("invalid carry");
+		carry &= pow - 1;
+	}
+	carry = carry << to - pos & mask;
+	if (!padding && pos >= from) throw new Error("Excess padding");
+	if (!padding && carry > 0) throw new Error(`Non-zero padding: ${carry}`);
+	if (padding && pos > 0) res.push(carry >>> 0);
+	return res;
+}
+/**
+* @__NO_SIDE_EFFECTS__
+*/
+function radix(num) {
+	anumber(num);
+	const _256 = 2 ** 8;
+	return {
+		encode: (bytes) => {
+			if (!isBytes(bytes)) throw new Error("radix.encode input should be Uint8Array");
+			return convertRadix(Array.from(bytes), _256, num);
+		},
+		decode: (digits) => {
+			anumArr("radix.decode", digits);
+			return Uint8Array.from(convertRadix(digits, num, _256));
+		}
+	};
+}
+/**
+* If both bases are power of same number (like `2**8 <-> 2**64`),
+* there is a linear algorithm. For now we have implementation for power-of-two bases only.
+* @__NO_SIDE_EFFECTS__
+*/
+function radix2(bits, revPadding = false) {
+	anumber(bits);
+	if (bits <= 0 || bits > 32) throw new Error("radix2: bits should be in (0..32]");
+	if (/* @__PURE__ */ radix2carry(8, bits) > 32 || /* @__PURE__ */ radix2carry(bits, 8) > 32) throw new Error("radix2: carry overflow");
+	return {
+		encode: (bytes) => {
+			if (!isBytes(bytes)) throw new Error("radix2.encode input should be Uint8Array");
+			return convertRadix2(Array.from(bytes), 8, bits, !revPadding);
+		},
+		decode: (digits) => {
+			anumArr("radix2.decode", digits);
+			return Uint8Array.from(convertRadix2(digits, bits, 8, revPadding));
+		}
+	};
+}
+function unsafeWrapper(fn) {
+	afn(fn);
+	return function(...args) {
+		try {
+			return fn.apply(null, args);
+		} catch (e) {}
+	};
+}
+/**
+* base16 encoding from RFC 4648.
+* @example
+* ```js
+* base16.encode(Uint8Array.from([0x12, 0xab]));
+* // => '12AB'
+* ```
+*/
+const base16 = chain(radix2(4), alphabet("0123456789ABCDEF"), join(""));
+/**
+* base32 encoding from RFC 4648. Has padding.
+* Use `base32nopad` for unpadded version.
+* Also check out `base32hex`, `base32hexnopad`, `base32crockford`.
+* @example
+* ```js
+* base32.encode(Uint8Array.from([0x12, 0xab]));
+* // => 'CKVQ===='
+* base32.decode('CKVQ====');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base32 = chain(radix2(5), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"), padding(5), join(""));
+/**
+* base32 encoding from RFC 4648. No padding.
+* Use `base32` for padded version.
+* Also check out `base32hex`, `base32hexnopad`, `base32crockford`.
+* @example
+* ```js
+* base32nopad.encode(Uint8Array.from([0x12, 0xab]));
+* // => 'CKVQ'
+* base32nopad.decode('CKVQ');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base32nopad = chain(radix2(5), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"), join(""));
+/**
+* base32 encoding from RFC 4648. Padded. Compared to ordinary `base32`, slightly different alphabet.
+* Use `base32hexnopad` for unpadded version.
+* @example
+* ```js
+* base32hex.encode(Uint8Array.from([0x12, 0xab]));
+* // => '2ALG===='
+* base32hex.decode('2ALG====');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base32hex = chain(radix2(5), alphabet("0123456789ABCDEFGHIJKLMNOPQRSTUV"), padding(5), join(""));
+/**
+* base32 encoding from RFC 4648. No padding. Compared to ordinary `base32`, slightly different alphabet.
+* Use `base32hex` for padded version.
+* @example
+* ```js
+* base32hexnopad.encode(Uint8Array.from([0x12, 0xab]));
+* // => '2ALG'
+* base32hexnopad.decode('2ALG');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base32hexnopad = chain(radix2(5), alphabet("0123456789ABCDEFGHIJKLMNOPQRSTUV"), join(""));
+/**
+* base32 encoding from RFC 4648. Doug Crockford's version.
+* https://www.crockford.com/base32.html
+* @example
+* ```js
+* base32crockford.encode(Uint8Array.from([0x12, 0xab]));
+* // => '2ANG'
+* base32crockford.decode('2ANG');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base32crockford = chain(radix2(5), alphabet("0123456789ABCDEFGHJKMNPQRSTVWXYZ"), join(""), normalize((s) => s.toUpperCase().replace(/O/g, "0").replace(/[IL]/g, "1")));
+const hasBase64Builtin = typeof Uint8Array.from([]).toBase64 === "function" && typeof Uint8Array.fromBase64 === "function";
+const decodeBase64Builtin = (s, isUrl) => {
+	astr("base64", s);
+	const re = isUrl ? /^[A-Za-z0-9=_-]+$/ : /^[A-Za-z0-9=+/]+$/;
+	const alphabet = isUrl ? "base64url" : "base64";
+	if (s.length > 0 && !re.test(s)) throw new Error("invalid base64");
+	return Uint8Array.fromBase64(s, {
+		alphabet,
+		lastChunkHandling: "strict"
+	});
+};
+/**
+* base64 from RFC 4648. Padded.
+* Use `base64nopad` for unpadded version.
+* Also check out `base64url`, `base64urlnopad`.
+* Falls back to built-in function, when available.
+* @example
+* ```js
+* base64.encode(Uint8Array.from([0x12, 0xab]));
+* // => 'Eqs='
+* base64.decode('Eqs=');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base64 = hasBase64Builtin ? {
+	encode(b) {
+		abytes(b);
+		return b.toBase64();
+	},
+	decode(s) {
+		return decodeBase64Builtin(s, false);
+	}
+} : chain(radix2(6), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"), padding(6), join(""));
+/**
+* base64 from RFC 4648. No padding.
+* Use `base64` for padded version.
+* @example
+* ```js
+* base64nopad.encode(Uint8Array.from([0x12, 0xab]));
+* // => 'Eqs'
+* base64nopad.decode('Eqs');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base64nopad = chain(radix2(6), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"), join(""));
+/**
+* base64 from RFC 4648, using URL-safe alphabet. Padded.
+* Use `base64urlnopad` for unpadded version.
+* Falls back to built-in function, when available.
+* @example
+* ```js
+* base64url.encode(Uint8Array.from([0x12, 0xab]));
+* // => 'Eqs='
+* base64url.decode('Eqs=');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base64url = hasBase64Builtin ? {
+	encode(b) {
+		abytes(b);
+		return b.toBase64({ alphabet: "base64url" });
+	},
+	decode(s) {
+		return decodeBase64Builtin(s, true);
+	}
+} : chain(radix2(6), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"), padding(6), join(""));
+/**
+* base64 from RFC 4648, using URL-safe alphabet. No padding.
+* Use `base64url` for padded version.
+* @example
+* ```js
+* base64urlnopad.encode(Uint8Array.from([0x12, 0xab]));
+* // => 'Eqs'
+* base64urlnopad.decode('Eqs');
+* // => Uint8Array.from([0x12, 0xab])
+* ```
+*/
+const base64urlnopad = chain(radix2(6), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"), join(""));
+const genBase58 = /* @__NO_SIDE_EFFECTS__ */ (abc) => chain(radix(58), alphabet(abc), join(""));
+/**
+* base58: base64 without ambigous characters +, /, 0, O, I, l.
+* Quadratic (O(n^2)) - so, can't be used on large inputs.
+* @example
+* ```js
+* base58.decode('01abcdef');
+* // => '3UhJW'
+* ```
+*/
+const base58 = /* @__PURE__ */ genBase58("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz");
+const BECH_ALPHABET = chain(alphabet("qpzry9x8gf2tvdw0s3jn54khce6mua7l"), join(""));
+const POLYMOD_GENERATORS = [
+	996825010,
+	642813549,
+	513874426,
+	1027748829,
+	705979059
+];
+function bech32Polymod(pre) {
+	const b = pre >> 25;
+	let chk = (pre & 33554431) << 5;
+	for (let i = 0; i < POLYMOD_GENERATORS.length; i++) if ((b >> i & 1) === 1) chk ^= POLYMOD_GENERATORS[i];
+	return chk;
+}
+function bechChecksum(prefix, words, encodingConst = 1) {
+	const len = prefix.length;
+	let chk = 1;
+	for (let i = 0; i < len; i++) {
+		const c = prefix.charCodeAt(i);
+		if (c < 33 || c > 126) throw new Error(`Invalid prefix (${prefix})`);
+		chk = bech32Polymod(chk) ^ c >> 5;
+	}
+	chk = bech32Polymod(chk);
+	for (let i = 0; i < len; i++) chk = bech32Polymod(chk) ^ prefix.charCodeAt(i) & 31;
+	for (let v of words) chk = bech32Polymod(chk) ^ v;
+	for (let i = 0; i < 6; i++) chk = bech32Polymod(chk);
+	chk ^= encodingConst;
+	return BECH_ALPHABET.encode(convertRadix2([chk % powers[30]], 30, 5, false));
+}
+/**
+* @__NO_SIDE_EFFECTS__
+*/
+function genBech32(encoding) {
+	const ENCODING_CONST = encoding === "bech32" ? 1 : 734539939;
+	const _words = radix2(5);
+	const fromWords = _words.decode;
+	const toWords = _words.encode;
+	const fromWordsUnsafe = unsafeWrapper(fromWords);
+	function encode(prefix, words, limit = 90) {
+		astr("bech32.encode prefix", prefix);
+		if (isBytes(words)) words = Array.from(words);
+		anumArr("bech32.encode", words);
+		const plen = prefix.length;
+		if (plen === 0) throw new TypeError(`Invalid prefix length ${plen}`);
+		const actualLength = plen + 7 + words.length;
+		if (limit !== false && actualLength > limit) throw new TypeError(`Length ${actualLength} exceeds limit ${limit}`);
+		const lowered = prefix.toLowerCase();
+		const sum = bechChecksum(lowered, words, ENCODING_CONST);
+		return `${lowered}1${BECH_ALPHABET.encode(words)}${sum}`;
+	}
+	function decode(str, limit = 90) {
+		astr("bech32.decode input", str);
+		const slen = str.length;
+		if (slen < 8 || limit !== false && slen > limit) throw new TypeError(`invalid string length: ${slen} (${str}). Expected (8..${limit})`);
+		const lowered = str.toLowerCase();
+		if (str !== lowered && str !== str.toUpperCase()) throw new Error(`String must be lowercase or uppercase`);
+		const sepIndex = lowered.lastIndexOf("1");
+		if (sepIndex === 0 || sepIndex === -1) throw new Error(`Letter "1" must be present between prefix and data only`);
+		const prefix = lowered.slice(0, sepIndex);
+		const data = lowered.slice(sepIndex + 1);
+		if (data.length < 6) throw new Error("Data must be at least 6 characters long");
+		const words = BECH_ALPHABET.decode(data).slice(0, -6);
+		const sum = bechChecksum(prefix, words, ENCODING_CONST);
+		if (!data.endsWith(sum)) throw new Error(`Invalid checksum in ${str}: expected "${sum}"`);
+		return {
+			prefix,
+			words
+		};
+	}
+	const decodeUnsafe = unsafeWrapper(decode);
+	function decodeToBytes(str) {
+		const { prefix, words } = decode(str, false);
+		return {
+			prefix,
+			words,
+			bytes: fromWords(words)
+		};
+	}
+	function encodeFromBytes(prefix, bytes) {
+		return encode(prefix, toWords(bytes));
+	}
+	return {
+		encode,
+		decode,
+		encodeFromBytes,
+		decodeToBytes,
+		decodeUnsafe,
+		fromWords,
+		fromWordsUnsafe,
+		toWords
+	};
+}
+/**
+* bech32 from BIP 173. Operates on words.
+* For high-level, check out scure-btc-signer:
+* https://github.com/paulmillr/scure-btc-signer.
+*/
+const bech32 = genBech32("bech32");
+/**
+* bech32m from BIP 350. Operates on words.
+* It was to mitigate `bech32` weaknesses.
+* For high-level, check out scure-btc-signer:
+* https://github.com/paulmillr/scure-btc-signer.
+*/
+const bech32m = genBech32("bech32m");
+const hasHexBuiltin = typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function";
+const hexBuiltin = {
+	encode(data) {
+		abytes(data);
+		return data.toHex();
+	},
+	decode(s) {
+		astr("hex", s);
+		return Uint8Array.fromHex(s);
+	}
+};
+/**
+* hex string decoder. Uses built-in function, when available.
+* @example
+* ```js
+* const b = hex.decode("0102ff"); // => new Uint8Array([ 1, 2, 255 ])
+* const str = hex.encode(b); // "0102ff"
+* ```
+*/
+const hex = hasHexBuiltin ? hexBuiltin : chain(radix2(4), alphabet("0123456789abcdef"), join(""), normalize((s) => {
+	if (typeof s !== "string" || s.length % 2 !== 0) throw new TypeError(`hex.decode: expected string, got ${typeof s} with length ${s.length}`);
+	return s.toLowerCase();
+}));
+//#endregion
+//#region src/crypto/base58.ts
+/**
+* Base58 decoder wrapper
+* Uses @scure/base for audited, tree-shakeable implementation
+*/
+/**
+* Decode a Base58-encoded string to bytes
+*
+* Preserves leading zero bytes (represented as leading '1' characters)
+*
+* @param input - Base58 string
+* @returns Decoded bytes
+* @throws Error if input contains invalid Base58 characters
+*/
+function decodeBase58(input) {
+	try {
+		return base58.decode(input);
+	} catch (error) {
+		const message = error instanceof Error ? error.message : String(error);
+		throw new Error(`Invalid Base58: ${message}`);
+	}
+}
+//#endregion
+//#region src/validation/solana-address.ts
+/**
+* Solana address validation (Base58 + 32-byte length)
+*/
+const SOLANA_ADDRESS_REGEX = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+/**
+* Validate a Solana address (Base58 encoded public key)
+*
+* Checks Base58 format and verifies decoded length is exactly 32 bytes
+*
+* @param address - Address to validate
+* @param field - Field path for error reporting
+* @returns Array of validation issues (empty if valid)
+*/
+function validateSolanaAddress(address, field) {
+	if (!SOLANA_ADDRESS_REGEX.test(address)) return [{
+		code: ErrorCode.INVALID_SOLANA_ADDRESS,
+		field,
+		message: "Solana address must be 32-44 Base58 characters",
+		severity: "error",
+		fix: "Valid characters: 1-9, A-H, J-N, P-Z, a-k, m-z (no 0, O, I, l)"
+	}];
+	try {
+		const decoded = decodeBase58(address);
+		if (decoded.length !== 32) return [{
+			code: ErrorCode.INVALID_SOLANA_ADDRESS,
+			field,
+			message: `Solana address must decode to 32 bytes, got ${decoded.length}`,
+			severity: "error",
+			fix: "Verify address is a valid Solana public key"
+		}];
+	} catch (error) {
+		return [{
+			code: ErrorCode.INVALID_SOLANA_ADDRESS,
+			field,
+			message: "Invalid Base58 encoding",
+			severity: "error",
+			fix: error instanceof Error ? error.message : "Check Base58 encoding"
+		}];
+	}
+	return [];
+}
+//#endregion
+//#region src/validation/address.ts
+/**
+* Address validation with CAIP-2 namespace dispatch
+*
+* Dispatches to chain-specific validators based on network namespace
+*/
+/**
+* Validate an address for a specific network
+*
+* Dispatches to appropriate chain-specific validator based on CAIP-2 namespace:
+* - eip155:* → EVM address validation
+* - solana:* → Solana address validation
+* - stellar:*, aptos:* → Accept any string (deep validation deferred)
+* - Unknown namespaces → Accept any string (registry warnings handled elsewhere)
+*
+* Cross-chain mismatches are caught naturally by dispatch:
+* - EVM address (0x...) on Solana network → fails Solana Base58 validation
+* - Solana address on EVM network → fails EVM 0x-prefix validation
+*
+* @param address - Address to validate
+* @param network - CAIP-2 network identifier
+* @param field - Field path for error reporting
+* @returns Array of validation issues (empty if valid)
+*/
+function validateAddress(address, network, field) {
+	const namespace = getNetworkNamespace(network);
+	if (namespace === void 0) return [];
+	switch (namespace) {
+		case "eip155": return validateEvmAddress(address, field);
+		case "solana": return validateSolanaAddress(address, field);
+		case "stellar":
+		case "aptos": return [];
+		default: return [];
+	}
+}
+//#endregion
+//#region src/validation/rules/structure.ts
+/**
+* Validate input structure: parse JSON, check object, detect format.
+*
+* @param input - Raw JSON string or object
+* @returns StructureResult with parsed object, detected format, and issues
+*/
+function validateStructure(input) {
+	const issues = [];
+	const { parsed, error } = parseInput(input);
+	if (error) return {
+		parsed: null,
+		format: "unknown",
+		issues: [error]
+	};
+	if (!isRecord(parsed)) {
+		issues.push({
+			code: ErrorCode.NOT_OBJECT,
+			field: "$",
+			message: ErrorMessages.NOT_OBJECT,
+			severity: "error"
+		});
+		return {
+			parsed: null,
+			format: "unknown",
+			issues
+		};
+	}
+	const format = detect(parsed);
+	if (format === "unknown") issues.push({
+		code: ErrorCode.UNKNOWN_FORMAT,
+		field: "$",
+		message: ErrorMessages.UNKNOWN_FORMAT,
+		severity: "error"
+	});
+	return {
+		parsed,
+		format,
+		issues
+	};
+}
+//#endregion
+//#region src/validation/rules/version.ts
+/**
+* Validate x402Version field.
+*
+* Since normalize() always sets x402Version: 2, this mainly validates
+* the original format's version field. If somehow the value isn't 1 or 2,
+* push INVALID_VERSION error.
+*
+* Note: No MISSING_VERSION check needed here because normalize() always
+* sets it. The orchestrator handles version-related warnings for legacy
+* formats via the legacy rule module.
+*
+* @param config - Normalized config
+* @param _detectedFormat - Detected format (reserved for future use)
+* @returns Array of validation issues
+*/
+function validateVersion(config, _detectedFormat) {
+	const issues = [];
+	const version = config.x402Version;
+	if (version !== 1 && version !== 2) issues.push({
+		code: ErrorCode.INVALID_VERSION,
+		field: "x402Version",
+		message: ErrorMessages.INVALID_VERSION,
+		severity: "error"
+	});
+	return issues;
+}
+//#endregion
+//#region src/validation/rules/fields.ts
+/**
+* Validate required fields on a single accepts entry.
+*
+* @param entry - Accepts entry to validate
+* @param fieldPath - Dot-notation path for issue reporting (e.g. "accepts[0]")
+* @returns Array of validation issues
+*/
+function validateFields(entry, fieldPath) {
+	const issues = [];
+	if (!entry.scheme) issues.push({
+		code: ErrorCode.MISSING_SCHEME,
+		field: `${fieldPath}.scheme`,
+		message: ErrorMessages.MISSING_SCHEME,
+		severity: "error"
+	});
+	if (!entry.network) issues.push({
+		code: ErrorCode.MISSING_NETWORK,
+		field: `${fieldPath}.network`,
+		message: ErrorMessages.MISSING_NETWORK,
+		severity: "error"
+	});
+	if (!entry.amount) issues.push({
+		code: ErrorCode.MISSING_AMOUNT,
+		field: `${fieldPath}.amount`,
+		message: ErrorMessages.MISSING_AMOUNT,
+		severity: "error"
+	});
+	if (!entry.asset) issues.push({
+		code: ErrorCode.MISSING_ASSET,
+		field: `${fieldPath}.asset`,
+		message: ErrorMessages.MISSING_ASSET,
+		severity: "error"
+	});
+	if (!entry.payTo) issues.push({
+		code: ErrorCode.MISSING_PAY_TO,
+		field: `${fieldPath}.payTo`,
+		message: ErrorMessages.MISSING_PAY_TO,
+		severity: "error"
+	});
+	return issues;
+}
+/**
+* Validate the accepts array itself (presence, type, emptiness).
+*
+* @param config - Normalized config
+* @returns Array of validation issues
+*/
+function validateAccepts(config) {
+	const issues = [];
+	if (!Array.isArray(config.accepts)) {
+		issues.push({
+			code: ErrorCode.INVALID_ACCEPTS,
+			field: "accepts",
+			message: ErrorMessages.INVALID_ACCEPTS,
+			severity: "error"
+		});
+		return issues;
+	}
+	if (config.accepts.length === 0) issues.push({
+		code: ErrorCode.EMPTY_ACCEPTS,
+		field: "accepts",
+		message: ErrorMessages.EMPTY_ACCEPTS,
+		severity: "error"
+	});
+	return issues;
+}
+/**
+* Validate resource object on normalized config.
+*
+* For v2 configs, resource is expected. Its absence is a warning, not an error,
+* since some v2 configs work without it.
+*
+* Also validates URL format via new URL() constructor (RULE-04).
+*
+* @param config - Normalized config
+* @param detectedFormat - Detected format
+* @returns Array of validation issues
+*/
+function validateResource(config, detectedFormat) {
+	const issues = [];
+	if (!config.resource) {
+		if (detectedFormat === "v2") issues.push({
+			code: ErrorCode.MISSING_RESOURCE,
+			field: "resource",
+			message: ErrorMessages.MISSING_RESOURCE,
+			severity: "warning"
+		});
+		return issues;
+	}
+	if (!config.resource.url) {
+		issues.push({
+			code: ErrorCode.MISSING_RESOURCE,
+			field: "resource.url",
+			message: ErrorMessages.MISSING_RESOURCE,
+			severity: "warning"
+		});
+		return issues;
+	}
+	try {
+		new URL(config.resource.url);
+	} catch {
+		issues.push({
+			code: ErrorCode.INVALID_URL,
+			field: "resource.url",
+			message: "resource.url is not a valid URL format",
+			severity: "warning"
+		});
+	}
+	return issues;
+}
+//#endregion
+//#region src/registries/simple-names.ts
+const SIMPLE_NAME_TO_CAIP2 = {
+	base: "eip155:8453",
+	"base-sepolia": "eip155:84532",
+	base_sepolia: "eip155:84532",
+	avalanche: "eip155:43114",
+	"avalanche-fuji": "eip155:43113",
+	solana: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
+	"solana-devnet": "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",
+	"solana-testnet": "solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z",
+	stellar: "stellar:pubnet",
+	"stellar-testnet": "stellar:testnet",
+	aptos: "aptos:1"
+};
+function getCanonicalNetwork(name) {
+	return SIMPLE_NAME_TO_CAIP2[name.toLowerCase()];
+}
+//#endregion
+//#region src/registries/assets.ts
+const KNOWN_ASSETS = {
+	"eip155:8453": { "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913": {
+		symbol: "USDC",
+		name: "USD Coin",
+		decimals: 6
+	} },
+	"eip155:84532": { "0x036cbd53842c5426634e7929541ec2318f3dcf7e": {
+		symbol: "USDC",
+		name: "USD Coin",
+		decimals: 6
+	} },
+	"eip155:43114": { "0xb97ef9ef8734c71904d8002f8b6bc66dd9c48a6e": {
+		symbol: "USDC",
+		name: "USD Coin",
+		decimals: 6
+	} },
+	"solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp": { EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v: {
+		symbol: "USDC",
+		name: "USD Coin",
+		decimals: 6
+	} }
+};
+function isKnownAsset(network, address) {
+	const networkAssets = KNOWN_ASSETS[network];
+	if (!networkAssets) return false;
+	return (getNetworkNamespace(network) === "eip155" ? address.toLowerCase() : address) in networkAssets;
+}
+function getAssetInfo(network, address) {
+	const networkAssets = KNOWN_ASSETS[network];
+	if (!networkAssets) return;
+	return networkAssets[getNetworkNamespace(network) === "eip155" ? address.toLowerCase() : address];
+}
+//#endregion
+//#region src/validation/rules/network.ts
+/**
+* Validate network field on a single accepts entry.
+*
+* Checks CAIP-2 format and known network registry. Provides fix
+* suggestions for simple chain names that have canonical CAIP-2 mappings.
+*
+* @param entry - Accepts entry to validate
+* @param fieldPath - Dot-notation path for issue reporting (e.g. "accepts[0]")
+* @returns Array of validation issues
+*/
+function validateNetwork(entry, fieldPath) {
+	const issues = [];
+	if (!entry.network) return issues;
+	if (!isValidCaip2(entry.network)) {
+		const canonical = getCanonicalNetwork(entry.network);
+		if (canonical) issues.push({
+			code: ErrorCode.INVALID_NETWORK_FORMAT,
+			field: `${fieldPath}.network`,
+			message: ErrorMessages.INVALID_NETWORK_FORMAT,
+			severity: "error",
+			fix: `Use '${canonical}' instead of '${entry.network}'`
+		});
+		else issues.push({
+			code: ErrorCode.INVALID_NETWORK_FORMAT,
+			field: `${fieldPath}.network`,
+			message: ErrorMessages.INVALID_NETWORK_FORMAT,
+			severity: "error"
+		});
+		return issues;
+	}
+	if (!isKnownNetwork(entry.network)) issues.push({
+		code: ErrorCode.UNKNOWN_NETWORK,
+		field: `${fieldPath}.network`,
+		message: ErrorMessages.UNKNOWN_NETWORK,
+		severity: "warning"
+	});
+	return issues;
+}
+/**
+* Validate asset field on a single accepts entry.
+*
+* Checks if the asset is known for the given network. Only checks
+* when both network and asset are present and network is valid.
+*
+* @param entry - Accepts entry to validate
+* @param fieldPath - Dot-notation path for issue reporting (e.g. "accepts[0]")
+* @returns Array of validation issues
+*/
+function validateAsset(entry, fieldPath) {
+	const issues = [];
+	if (!entry.asset) return issues;
+	if (entry.network && isValidCaip2(entry.network) && !isKnownAsset(entry.network, entry.asset)) issues.push({
+		code: ErrorCode.UNKNOWN_ASSET,
+		field: `${fieldPath}.asset`,
+		message: ErrorMessages.UNKNOWN_ASSET,
+		severity: "warning"
+	});
+	return issues;
+}
+//#endregion
+//#region src/validation/rules/amount.ts
+/**
+* Validate amount field on a single accepts entry.
+*
+* Amount must be a digit-only string (no decimals, signs, or scientific notation)
+* and must be greater than zero.
+*
+* @param entry - Accepts entry to validate
+* @param fieldPath - Dot-notation path for issue reporting (e.g. "accepts[0]")
+* @returns Array of validation issues
+*/
+function validateAmount(entry, fieldPath) {
+	const issues = [];
+	if (!entry.amount) return issues;
+	if (!/^\d+$/.test(entry.amount)) {
+		issues.push({
+			code: ErrorCode.INVALID_AMOUNT,
+			field: `${fieldPath}.amount`,
+			message: ErrorMessages.INVALID_AMOUNT,
+			severity: "error"
+		});
+		return issues;
+	}
+	if (entry.amount === "0") issues.push({
+		code: ErrorCode.ZERO_AMOUNT,
+		field: `${fieldPath}.amount`,
+		message: ErrorMessages.ZERO_AMOUNT,
+		severity: "error"
+	});
+	return issues;
+}
+/**
+* Validate maxTimeoutSeconds on a single accepts entry.
+*
+* For v2 format, missing timeout produces a warning.
+* When present, timeout must be a positive integer (RULE-10).
+*
+* @param entry - Accepts entry to validate
+* @param fieldPath - Dot-notation path for issue reporting (e.g. "accepts[0]")
+* @param detectedFormat - Detected config format
+* @returns Array of validation issues
+*/
+function validateTimeout(entry, fieldPath, detectedFormat) {
+	const issues = [];
+	if (entry.maxTimeoutSeconds === void 0) {
+		if (detectedFormat === "v2") issues.push({
+			code: ErrorCode.MISSING_MAX_TIMEOUT,
+			field: `${fieldPath}.maxTimeoutSeconds`,
+			message: ErrorMessages.MISSING_MAX_TIMEOUT,
+			severity: "warning"
+		});
+		return issues;
+	}
+	if (typeof entry.maxTimeoutSeconds !== "number") {
+		issues.push({
+			code: ErrorCode.INVALID_TIMEOUT,
+			field: `${fieldPath}.maxTimeoutSeconds`,
+			message: ErrorMessages.INVALID_TIMEOUT,
+			severity: "error"
+		});
+		return issues;
+	}
+	if (!Number.isInteger(entry.maxTimeoutSeconds)) {
+		issues.push({
+			code: ErrorCode.INVALID_TIMEOUT,
+			field: `${fieldPath}.maxTimeoutSeconds`,
+			message: ErrorMessages.INVALID_TIMEOUT,
+			severity: "error"
+		});
+		return issues;
+	}
+	if (entry.maxTimeoutSeconds <= 0) issues.push({
+		code: ErrorCode.INVALID_TIMEOUT,
+		field: `${fieldPath}.maxTimeoutSeconds`,
+		message: ErrorMessages.INVALID_TIMEOUT,
+		severity: "error"
+	});
+	return issues;
+}
+//#endregion
+//#region src/validation/rules/legacy.ts
+/**
+* Validate for legacy format usage and produce upgrade suggestions.
+*
+* @param _config - Normalized config (reserved for future use)
+* @param detectedFormat - Detected config format
+* @param _originalInput - Original input object (reserved for future use)
+* @returns Array of validation issues (warnings)
+*/
+function validateLegacy(_config, detectedFormat, _originalInput) {
+	const issues = [];
+	if (detectedFormat === "v1") issues.push({
+		code: ErrorCode.LEGACY_FORMAT,
+		field: "$",
+		message: ErrorMessages.LEGACY_FORMAT,
+		severity: "warning",
+		fix: "Upgrade to x402 v2 -- use amount instead of maxAmountRequired, add resource object"
+	});
+	return issues;
+}
+//#endregion
+//#region src/validation/rules/extensions.ts
+/**
+* Check whether a value is a non-null plain object (not an array).
+*/
+function isObject(v) {
+	return v !== null && typeof v === "object" && !Array.isArray(v);
+}
+/**
+* Validate `extensions.bazaar` when present.
+*
+* Checks:
+* - bazaar is an object
+* - bazaar.info exists and is an object with input (type + method) and output
+* - bazaar.schema exists and looks like a JSON Schema object
+*
+* @returns Array of warning issues (empty when bazaar is absent or valid)
+*/
+function validateBazaar(config) {
+	const issues = [];
+	if (!config.extensions) return issues;
+	const bazaar = config.extensions["bazaar"];
+	if (bazaar === void 0) return issues;
+	if (!isObject(bazaar)) {
+		issues.push({
+			code: ErrorCode.INVALID_BAZAAR_INFO,
+			field: "extensions.bazaar",
+			message: "extensions.bazaar must be an object",
+			severity: "warning",
+			fix: "Set extensions.bazaar to an object with info and schema properties"
+		});
+		return issues;
+	}
+	const info = bazaar["info"];
+	if (!isObject(info)) issues.push({
+		code: ErrorCode.INVALID_BAZAAR_INFO,
+		field: "extensions.bazaar.info",
+		message: ErrorMessages.INVALID_BAZAAR_INFO,
+		severity: "warning",
+		fix: "Add an info object with input and output properties describing your API"
+	});
+	else {
+		const input = info["input"];
+		if (!isObject(input) || !input["type"] || !input["method"]) issues.push({
+			code: ErrorCode.INVALID_BAZAAR_INFO_INPUT,
+			field: "extensions.bazaar.info.input",
+			message: ErrorMessages.INVALID_BAZAAR_INFO_INPUT,
+			severity: "warning",
+			fix: "Add input.type (e.g. \"application/json\") and input.method (e.g. \"POST\")"
+		});
+		const output = info["output"];
+		if (!isObject(output)) issues.push({
+			code: ErrorCode.INVALID_BAZAAR_INFO,
+			field: "extensions.bazaar.info.output",
+			message: "extensions.bazaar.info.output must be an object",
+			severity: "warning",
+			fix: "Add an output object describing the API response format"
+		});
+	}
+	const schema = bazaar["schema"];
+	if (!isObject(schema) || !schema["type"] && !schema["$schema"] && !schema["properties"]) issues.push({
+		code: ErrorCode.INVALID_BAZAAR_SCHEMA,
+		field: "extensions.bazaar.schema",
+		message: ErrorMessages.INVALID_BAZAAR_SCHEMA,
+		severity: "warning",
+		fix: "Add a JSON Schema object with type, $schema, or properties"
+	});
+	return issues;
+}
+/**
+* Validate `accepts[].outputSchema` on the raw parsed input.
+*
+* Uses the raw parsed object because AcceptsEntry strips outputSchema during normalization.
+*
+* Checks per entry with outputSchema:
+* - outputSchema is an object
+* - outputSchema.input exists with type and method
+* - outputSchema.output exists and is an object
+*
+* @returns Array of warning issues
+*/
+function validateOutputSchema(parsed) {
+	const issues = [];
+	const accepts = parsed["accepts"];
+	if (!Array.isArray(accepts)) return issues;
+	for (let i = 0; i < accepts.length; i++) {
+		const entry = accepts[i];
+		if (!isObject(entry)) continue;
+		const outputSchema = entry["outputSchema"];
+		if (outputSchema === void 0) continue;
+		const fieldPath = `accepts[${i}].outputSchema`;
+		if (!isObject(outputSchema)) {
+			issues.push({
+				code: ErrorCode.INVALID_OUTPUT_SCHEMA,
+				field: fieldPath,
+				message: ErrorMessages.INVALID_OUTPUT_SCHEMA,
+				severity: "warning",
+				fix: "Set outputSchema to an object with input and output properties"
+			});
+			continue;
+		}
+		const input = outputSchema["input"];
+		if (!isObject(input) || !input["type"] || !input["method"]) issues.push({
+			code: ErrorCode.INVALID_OUTPUT_SCHEMA_INPUT,
+			field: `${fieldPath}.input`,
+			message: ErrorMessages.INVALID_OUTPUT_SCHEMA_INPUT,
+			severity: "warning",
+			fix: "Add input.type (e.g. \"application/json\") and input.method (e.g. \"POST\")"
+		});
+		const output = outputSchema["output"];
+		if (!isObject(output)) issues.push({
+			code: ErrorCode.INVALID_OUTPUT_SCHEMA,
+			field: `${fieldPath}.output`,
+			message: "accepts[i].outputSchema.output must be an object",
+			severity: "warning",
+			fix: "Add an output object describing the API response format"
+		});
+	}
+	return issues;
+}
+/**
+* Emit a warning when neither `extensions.bazaar` nor any `accepts[].outputSchema` is present.
+*
+* @returns Single-element array with MISSING_INPUT_SCHEMA warning, or empty array
+*/
+function validateMissingSchema(config, parsed) {
+	if (config.extensions && config.extensions["bazaar"] !== void 0) return [];
+	const accepts = parsed["accepts"];
+	if (Array.isArray(accepts)) {
+		for (const entry of accepts) if (isObject(entry) && entry["outputSchema"] !== void 0) return [];
+	}
+	return [{
+		code: ErrorCode.MISSING_INPUT_SCHEMA,
+		field: "extensions",
+		message: ErrorMessages.MISSING_INPUT_SCHEMA,
+		severity: "warning",
+		fix: "Add extensions.bazaar with info and schema to help agents discover your API -- see https://bazaar.x402.org"
+	}];
+}
+//#endregion
+//#region src/validation/orchestrator.ts
+/**
+* Validate an x402 config through the full pipeline.
+*
+* Takes any input (JSON string or object), runs it through:
+* 1. Structure validation (parse, object check, format detection)
+* 2. Normalization to canonical v2 shape
+* 3. Version, accepts, resource validation
+* 4. Per-entry field, network, asset, amount, timeout, address validation
+* 5. Legacy format warnings
+* 6. Strict mode promotion (warnings -> errors)
+*
+* NEVER throws -- all invalid inputs produce structured error results.
+*
+* @param input - JSON string or parsed object to validate
+* @param options - Validation options (e.g. strict mode)
+* @returns Structured validation result
+*/
+function validate(input, options) {
+	try {
+		return runPipeline(input, options);
+	} catch {
+		return {
+			valid: false,
+			version: "unknown",
+			errors: [{
+				code: ErrorCode.UNKNOWN_FORMAT,
+				field: "$",
+				message: "Unexpected validation error",
+				severity: "error"
+			}],
+			warnings: [],
+			normalized: null
+		};
+	}
+}
+/**
+* Internal pipeline implementation.
+* Separated from validate() so the try/catch safety net is clean.
+*/
+function runPipeline(input, options) {
+	const structure = validateStructure(input);
+	if (structure.issues.length > 0) return {
+		valid: false,
+		version: structure.format || "unknown",
+		errors: structure.issues,
+		warnings: [],
+		normalized: null
+	};
+	const parsed = structure.parsed;
+	const format = structure.format;
+	const normalized = normalize$1(parsed);
+	if (normalized === null) return {
+		valid: false,
+		version: format,
+		errors: [{
+			code: ErrorCode.UNKNOWN_FORMAT,
+			field: "$",
+			message: ErrorMessages.UNKNOWN_FORMAT,
+			severity: "error"
+		}],
+		warnings: [],
+		normalized: null
+	};
+	const errors = [];
+	const warnings = [];
+	errors.push(...validateVersion(normalized, format));
+	errors.push(...validateAccepts(normalized));
+	warnings.push(...validateResource(normalized, format));
+	if (Array.isArray(normalized.accepts) && normalized.accepts.length > 0) for (let i = 0; i < normalized.accepts.length; i++) {
+		const entry = normalized.accepts[i];
+		const fieldPath = `accepts[${i}]`;
+		errors.push(...validateFields(entry, fieldPath));
+		for (const issue of validateNetwork(entry, fieldPath)) if (issue.severity === "error") errors.push(issue);
+		else warnings.push(issue);
+		warnings.push(...validateAsset(entry, fieldPath));
+		errors.push(...validateAmount(entry, fieldPath));
+		for (const issue of validateTimeout(entry, fieldPath, format)) if (issue.severity === "error") errors.push(issue);
+		else warnings.push(issue);
+		if (entry.payTo && entry.network) for (const issue of validateAddress(entry.payTo, entry.network, `${fieldPath}.payTo`)) if (issue.severity === "error") errors.push(issue);
+		else warnings.push(issue);
+	}
+	warnings.push(...validateLegacy(normalized, format, parsed));
+	warnings.push(...validateBazaar(normalized));
+	warnings.push(...validateOutputSchema(parsed));
+	warnings.push(...validateMissingSchema(normalized, parsed));
+	if (options?.strict === true) {
+		for (const warning of warnings) errors.push({
+			...warning,
+			severity: "error"
+		});
+		warnings.length = 0;
+	}
+	return {
+		valid: errors.length === 0,
+		version: format,
+		errors,
+		warnings,
+		normalized
+	};
+}
+//#endregion
+//#region src/extraction/extract.ts
+/**
+* Get a header value, case-insensitive.
+* Supports both Headers objects and plain Record<string, string>.
+*/
+function getHeader(headers, name) {
+	if (!headers) return null;
+	if (typeof headers.get === "function") return headers.get(name);
+	const lower = name.toLowerCase();
+	for (const key of Object.keys(headers)) if (key.toLowerCase() === lower) return headers[key];
+	return null;
+}
+/**
+* Decode base64 string to UTF-8 text.
+* Works in both browser (atob) and Node (Buffer).
+*/
+function decodeBase64(encoded) {
+	if (typeof atob === "function") return atob(encoded);
+	return Buffer.from(encoded, "base64").toString("utf-8");
+}
+/**
+* Check if a parsed object looks like it contains x402 config fields.
+*/
+function hasX402Fields(obj) {
+	if (!obj || typeof obj !== "object") return false;
+	const rec = obj;
+	return !!(rec.accepts || rec.payTo || rec.x402Version);
+}
+/**
+* Try to parse the PAYMENT-REQUIRED header value as a base64-encoded JSON config.
+*/
+function tryHeaderExtraction(headers) {
+	const headerValue = getHeader(headers, "payment-required");
+	if (!headerValue) return null;
+	try {
+		const decoded = decodeBase64(headerValue);
+		const parsed = JSON.parse(decoded);
+		if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) return {
+			config: parsed,
+			source: "header"
+		};
+	} catch {}
+	try {
+		const parsed = JSON.parse(headerValue);
+		if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) return {
+			config: parsed,
+			source: "header"
+		};
+	} catch {}
+	return null;
+}
+/**
+* Extract an x402 config from an HTTP 402 response.
+*
+* Extraction priority:
+* 1. JSON body — if it parses and has x402 fields (accepts, payTo, x402Version)
+* 2. PAYMENT-REQUIRED header — base64-decoded JSON fallback
+*
+* Never throws. Returns structured result with error message on failure.
+*
+* @param response - Response-like object with body and/or headers
+* @returns Extraction result with config, source, and error
+*/
+function extractConfig(response) {
+	const body = response.body;
+	if (body && typeof body === "object" && !Array.isArray(body) && hasX402Fields(body)) return {
+		config: body,
+		source: "body",
+		error: null
+	};
+	if (typeof body === "string" && body.trim()) try {
+		const parsed = JSON.parse(body);
+		if (parsed && typeof parsed === "object" && !Array.isArray(parsed) && hasX402Fields(parsed)) return {
+			config: parsed,
+			source: "body",
+			error: null
+		};
+	} catch {}
+	const headerResult = tryHeaderExtraction(response.headers);
+	if (headerResult) return {
+		config: headerResult.config,
+		source: headerResult.source,
+		error: null
+	};
+	return {
+		config: null,
+		source: null,
+		error: "No x402 config found in response body or PAYMENT-REQUIRED header"
+	};
+}
+//#endregion
+//#region src/check.ts
+/**
+* Check an HTTP 402 response: extract config, validate, and enrich with registry data.
+*
+* Never throws. All failures are represented in the returned CheckResult.
+*
+* @param response - Response-like object with body and/or headers
+* @param options - Validation options (e.g. strict mode)
+* @returns Unified check result
+*/
+function check(response, options) {
+	const extraction = extractConfig(response);
+	if (!extraction.config) return {
+		extracted: false,
+		source: null,
+		extractionError: extraction.error,
+		valid: false,
+		version: "unknown",
+		errors: [],
+		warnings: [],
+		normalized: null,
+		summary: [],
+		raw: null
+	};
+	const validation = validate(extraction.config, options);
+	const summary = [];
+	const accepts = validation.normalized?.accepts ?? [];
+	for (let i = 0; i < accepts.length; i++) {
+		const entry = accepts[i];
+		const networkInfo = getNetworkInfo(entry.network);
+		const assetInfo = getAssetInfo(entry.network, entry.asset);
+		summary.push({
+			index: i,
+			network: entry.network,
+			networkName: networkInfo?.name ?? entry.network,
+			networkType: networkInfo?.type ?? null,
+			payTo: entry.payTo,
+			amount: entry.amount,
+			asset: entry.asset,
+			assetSymbol: assetInfo?.symbol ?? null,
+			assetDecimals: assetInfo?.decimals ?? null,
+			scheme: entry.scheme
+		});
+	}
+	return {
+		extracted: true,
+		source: extraction.source,
+		extractionError: null,
+		valid: validation.valid,
+		version: validation.version,
+		errors: validation.errors,
+		warnings: validation.warnings,
+		normalized: validation.normalized,
+		summary,
+		raw: extraction.config
+	};
+}
+//#endregion
+//#region src/index.ts
+const VERSION = "0.3.1";
+//#endregion
+//#region src/cli.ts
+/**
+* x402check CLI
+*
+* Validate x402 payment configurations from the command line.
+*
+* Usage:
+*   x402check <json>              Validate inline JSON
+*   x402check <file.json>         Validate a JSON file
+*   x402check <url>               Fetch URL, extract + validate 402 config
+*   echo '{}' | x402check         Validate from stdin
+*   x402check --version            Print version
+*   x402check --help               Print help
+*
+* Flags:
+*   --strict                       Promote all warnings to errors
+*   --json                         Output raw JSON (for piping)
+*   --quiet                        Only print errors (exit code only)
+*/
+function parseArgs(argv) {
+	const args = {
+		input: null,
+		strict: false,
+		json: false,
+		quiet: false,
+		help: false,
+		version: false
+	};
+	for (const arg of argv) if (arg === "--strict") args.strict = true;
+	else if (arg === "--json") args.json = true;
+	else if (arg === "--quiet" || arg === "-q") args.quiet = true;
+	else if (arg === "--help" || arg === "-h") args.help = true;
+	else if (arg === "--version" || arg === "-v") args.version = true;
+	else if (!arg.startsWith("-")) args.input = arg;
+	return args;
+}
+const HELP = `x402check v${VERSION} — validate x402 payment configurations
+Usage:
+  x402check <json>              Validate inline JSON string
+  x402check <file.json>         Validate a JSON file
+  x402check <url>               Fetch URL and check 402 response
+  echo '...' | x402check        Validate from stdin
+Flags:
+  --strict     Promote all warnings to errors
+  --json       Output raw JSON result
+  --quiet      Suppress output, exit code only
+  -h, --help   Show this help
+  -v, --version  Show version
+Exit codes:
+  0  Valid config (or --help/--version)
+  1  Invalid config or errors found
+  2  Input error (no input, bad file, fetch failure)
+Examples:
+  x402check '{"x402Version":2,"accepts":[...]}'
+  x402check config.json
+  x402check https://api.example.com/resource --strict
+  curl -s https://example.com | x402check --json
+`;
+function isUrl(s) {
+	return /^https?:\/\//i.test(s);
+}
+function isJsonLike(s) {
+	const trimmed = s.trim();
+	return trimmed.startsWith("{") || trimmed.startsWith("[");
+}
+function readStdin() {
+	return new Promise((resolve, reject) => {
+		const chunks = [];
+		const { stdin } = process;
+		if (stdin.isTTY) {
+			resolve("");
+			return;
+		}
+		stdin.on("data", (chunk) => chunks.push(chunk));
+		stdin.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+		stdin.on("error", reject);
+	});
+}
+async function fetchUrl(url) {
+	const res = await fetch(url);
+	const headers = {};
+	res.headers.forEach((value, key) => {
+		headers[key] = value;
+	});
+	let body;
+	if ((res.headers.get("content-type") || "").includes("json")) body = await res.json();
+	else body = await res.text();
+	return {
+		status: res.status,
+		body,
+		headers
+	};
+}
+function formatIssue(issue) {
+	const line = `  ${issue.severity === "error" ? "\x1B[31m✗\x1B[0m" : "\x1B[33m⚠\x1B[0m"} ${issue.code} [${issue.field}]: ${issue.message}`;
+	if (issue.fix) return line + `\n      ↳ ${issue.fix}`;
+	return line;
+}
+function formatValidationResult(result, args) {
+	if (args.json) return JSON.stringify(result, null, 2);
+	if (args.quiet) return "";
+	const lines = [];
+	if (result.valid) lines.push(`\x1b[32m✓ Valid\x1b[0m x402 config (${result.version})`);
+	else lines.push(`\x1b[31m✗ Invalid\x1b[0m x402 config (${result.version})`);
+	if (result.errors.length > 0) {
+		lines.push("");
+		lines.push(`Errors (${result.errors.length}):`);
+		for (const e of result.errors) lines.push(formatIssue(e));
+	}
+	if (result.warnings.length > 0) {
+		lines.push("");
+		lines.push(`Warnings (${result.warnings.length}):`);
+		for (const w of result.warnings) lines.push(formatIssue(w));
+	}
+	return lines.join("\n");
+}
+function formatCheckResult(result, args) {
+	if (args.json) return JSON.stringify(result, null, 2);
+	if (args.quiet) return "";
+	const lines = [];
+	if (!result.extracted) {
+		lines.push(`\x1b[31m✗ No x402 config found\x1b[0m`);
+		if (result.extractionError) lines.push(`  ${result.extractionError}`);
+		return lines.join("\n");
+	}
+	lines.push(`Extracted from: ${result.source}`);
+	if (result.valid) lines.push(`\x1b[32m✓ Valid\x1b[0m x402 config (${result.version})`);
+	else lines.push(`\x1b[31m✗ Invalid\x1b[0m x402 config (${result.version})`);
+	if (result.summary.length > 0) {
+		lines.push("");
+		lines.push("Payment options:");
+		for (const s of result.summary) {
+			const symbol = s.assetSymbol ?? s.asset;
+			const net = s.networkName;
+			lines.push(`  [${s.index}] ${s.amount} ${symbol} on ${net} → ${s.payTo.slice(0, 10)}...`);
+		}
+	}
+	if (result.errors.length > 0) {
+		lines.push("");
+		lines.push(`Errors (${result.errors.length}):`);
+		for (const e of result.errors) lines.push(formatIssue(e));
+	}
+	if (result.warnings.length > 0) {
+		lines.push("");
+		lines.push(`Warnings (${result.warnings.length}):`);
+		for (const w of result.warnings) lines.push(formatIssue(w));
+	}
+	return lines.join("\n");
+}
+async function main() {
+	const args = parseArgs(process.argv.slice(2));
+	if (args.version) {
+		console.log(VERSION);
+		return 0;
+	}
+	if (args.help) {
+		console.log(HELP);
+		return 0;
+	}
+	let input = args.input;
+	if (!input) {
+		const stdinData = await readStdin();
+		if (stdinData.trim()) input = stdinData.trim();
+	}
+	if (!input) {
+		console.error("No input provided. Run x402check --help for usage.");
+		return 2;
+	}
+	if (isUrl(input)) try {
+		const { status, body, headers } = await fetchUrl(input);
+		if (status !== 402) {
+			if (!args.quiet) console.log(`HTTP ${status} (expected 402)`);
+		}
+		const result = check({
+			body,
+			headers
+		}, { strict: args.strict });
+		const output = formatCheckResult(result, args);
+		if (output) console.log(output);
+		return result.valid ? 0 : 1;
+	} catch (err) {
+		console.error(`Fetch failed: ${err.message}`);
+		return 2;
+	}
+	if (!isJsonLike(input)) {
+		const filePath = resolve$1(input);
+		if (!existsSync(filePath)) {
+			console.error(`File not found: ${filePath}`);
+			return 2;
+		}
+		try {
+			input = readFileSync(filePath, "utf-8");
+		} catch (err) {
+			console.error(`Cannot read file: ${err.message}`);
+			return 2;
+		}
+	}
+	const result = validate(input, { strict: args.strict });
+	const output = formatValidationResult(result, args);
+	if (output) console.log(output);
+	return result.valid ? 0 : 1;
+}
+main().then((code) => process.exit(code), (err) => {
+	console.error(`Unexpected error: ${err.message}`);
+	process.exit(2);
+});
+//#endregion
+export {  };