yeetful 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/CHANGELOG.md +32 -0
  2. package/README.md +16 -0
  3. package/dist/agent.cjs +101 -25
  4. package/dist/agent.cjs.map +1 -1
  5. package/dist/agent.d.cts +19 -1
  6. package/dist/agent.d.ts +19 -1
  7. package/dist/agent.js +101 -25
  8. package/dist/agent.js.map +1 -1
  9. package/dist/client.cjs +89 -22
  10. package/dist/client.cjs.map +1 -1
  11. package/dist/client.d.cts +17 -4
  12. package/dist/client.d.ts +17 -4
  13. package/dist/client.js +88 -23
  14. package/dist/client.js.map +1 -1
  15. package/dist/express.d.cts +1 -1
  16. package/dist/express.d.ts +1 -1
  17. package/dist/index.cjs +109 -23
  18. package/dist/index.cjs.map +1 -1
  19. package/dist/index.d.cts +3 -3
  20. package/dist/index.d.ts +3 -3
  21. package/dist/index.js +108 -24
  22. package/dist/index.js.map +1 -1
  23. package/dist/next.d.cts +1 -1
  24. package/dist/next.d.ts +1 -1
  25. package/dist/server.d.cts +1 -1
  26. package/dist/server.d.ts +1 -1
  27. package/dist/{types-DzGpKiV3.d.cts → types-DgG0iIOB.d.cts} +34 -10
  28. package/dist/{types-DzGpKiV3.d.ts → types-DgG0iIOB.d.ts} +34 -10
  29. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,37 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.3.1
4
+
5
+ - **Fix: x402 v2 challenges crashed the client** (`TypeError: Cannot convert
6
+ undefined to a BigInt`). Gateways that moved to protocol v2 — e.g.
7
+ TripAdvisor's paysponge gateway — price in `amount` (not v1's
8
+ `maxAmountRequired`), use CAIP-2 network ids (`eip155:8453`, not `base`),
9
+ and expect the payment back in a `PAYMENT-SIGNATURE` envelope (not
10
+ `X-PAYMENT`). The client now reads both protocol versions and replies in
11
+ the version the challenge declared; v1 behavior is unchanged.
12
+ - Requirement selection skips entries this client can't sign (non-EVM
13
+ networks such as `solana:…`, entries with no parseable amount) instead of
14
+ crashing; an unpayable challenge raises a clean `PaymentError` and the
15
+ agent receipts it as `payment-failed`.
16
+ - Settlement tx hashes are read from v2's `payment-response` header as well
17
+ as v1's `x-payment-response`; v2 discovery docs are also parsed from the
18
+ `payment-required` response header when the body isn't JSON.
19
+ - New exports: `requirementAtomicAmount()` (version-agnostic price reader),
20
+ `signExactAuthorization()` (bare EIP-3009 payload), and the
21
+ `PaymentEnvelopeV2` type.
22
+
23
+ ## 0.3.0
24
+
25
+ - **New: hosted-ledger sync.** `yeetful({ wallet, grant, apiKey, ledgerUrl? })` —
26
+ with a yeetful.com API key (`yf_…`, minted on the dashboard) and the hosted
27
+ grant's `id`, every receipt (settlements **and** denials) POSTs to
28
+ `{ledgerUrl}/api/grants/{grant.id}/ledger` with Bearer auth, so dashboard
29
+ budgets and the audit feed include headless agents. Sync is an ordered,
30
+ best-effort chain that never blocks or fails a payment.
31
+ - **New: `pay.flushLedger()`** — await before a short-lived script exits so the
32
+ last receipts aren't dropped with the process.
33
+ - `apiKey` without `grant.id` warns once via `onEvent` and disables sync.
34
+
3
35
  ## 0.2.0
4
36
 
5
37
  - **New: `yeetful/agent` — the agent expense account.** `yeetful({ wallet, grant })`
package/README.md CHANGED
@@ -45,6 +45,22 @@ try {
45
45
 
46
46
  One grant authorizes **many** endpoints (the allowlist). Use `onReceipt` to stream the audit trail to your dashboard or the Yeetful control plane.
47
47
 
48
+ ### Hosted-ledger sync
49
+
50
+ Mirror a grant you created at [yeetful.com](https://yeetful.com) and pass an API key (minted on the dashboard) — every receipt then syncs to your hosted ledger, so budgets and the audit feed include this agent's calls:
51
+
52
+ ```ts
53
+ const pay = yeetful({
54
+ wallet,
55
+ grant: { id: 'your-grant-id', allow: [...], perCallUsd: 0.05, perDayUsd: 2 },
56
+ apiKey: process.env.YEETFUL_API_KEY, // yf_…
57
+ })
58
+ // …
59
+ await pay.flushLedger() // before a short-lived script exits
60
+ ```
61
+
62
+ Sync is best-effort and never blocks or fails a payment; denials are synced too (`ok: false` with the violation code).
63
+
48
64
  > **Local vs. hard enforcement.** This SDK enforces the grant in-process — ideal for governing *your own* agents (runaway loops, bugs, injected tool calls). For adversarial guarantees, back the grant with an on-chain Coinbase **Spend Permission** so the wallet contract caps spend regardless of the SDK.
49
65
 
50
66
  ---
package/dist/agent.cjs CHANGED
@@ -36,7 +36,7 @@ function createPaymentClient(options) {
36
36
  const first = await baseFetch(input, init);
37
37
  if (first.status !== 402) return first;
38
38
  const requirements = await parsePaymentRequired(first);
39
- const requirement = selectRequirement(requirements.accepts, options);
39
+ const requirement = selectRequirement(requirements.accepts ?? [], options);
40
40
  if (!requirement) {
41
41
  throw new PaymentError("No acceptable payment requirement matched client constraints", requirements);
42
42
  }
@@ -44,9 +44,10 @@ function createPaymentClient(options) {
44
44
  const approved = await options.onPaymentRequired(requirement);
45
45
  if (!approved) throw new PaymentError("Payment rejected by user", requirements);
46
46
  }
47
- const payment = await signPayment(options.wallet, requirement);
47
+ const payload = await signExactAuthorization(options.wallet, requirement);
48
+ const header = buildPaymentHeader(requirements, requirement, payload);
48
49
  const headers = new Headers(init.headers);
49
- headers.set("X-PAYMENT", encodePayment(payment));
50
+ headers.set(header.name, header.value);
50
51
  return baseFetch(input, { ...init, headers });
51
52
  };
52
53
  }
@@ -58,22 +59,66 @@ var PaymentError = class extends Error {
58
59
  this.requirements = requirements;
59
60
  }
60
61
  };
62
+ function requirementAtomicAmount(req) {
63
+ const raw = req.amount ?? req.maxAmountRequired;
64
+ if (raw == null) return null;
65
+ try {
66
+ return BigInt(raw);
67
+ } catch {
68
+ return null;
69
+ }
70
+ }
61
71
  async function parsePaymentRequired(res) {
62
72
  try {
63
73
  return await res.clone().json();
64
74
  } catch {
75
+ const header = res.headers.get("payment-required");
76
+ if (header) {
77
+ try {
78
+ return decodePayment(header);
79
+ } catch {
80
+ }
81
+ }
65
82
  throw new PaymentError("402 response did not contain a valid x402 discovery body");
66
83
  }
67
84
  }
68
85
  function selectRequirement(accepts, opts) {
69
- const filtered = accepts.filter((a) => a.scheme === "exact").filter((a) => !opts.allowedNetworks || opts.allowedNetworks.includes(a.network)).filter((a) => !opts.maxAmountAtomic || BigInt(a.maxAmountRequired) <= opts.maxAmountAtomic);
70
- return filtered.sort(
71
- (a, b) => BigInt(a.maxAmountRequired) < BigInt(b.maxAmountRequired) ? -1 : 1
72
- )[0];
86
+ const priced = accepts.filter((a) => a.scheme === "exact").filter((a) => chainIdForNetwork(a.network) !== null).filter(
87
+ (a) => !opts.allowedNetworks || opts.allowedNetworks.some((n) => chainIdForNetwork(n) === chainIdForNetwork(a.network))
88
+ ).map((a) => ({ req: a, amount: requirementAtomicAmount(a) })).filter((e) => e.amount !== null).filter((e) => !opts.maxAmountAtomic || e.amount <= opts.maxAmountAtomic);
89
+ return priced.sort((a, b) => a.amount < b.amount ? -1 : 1)[0]?.req;
73
90
  }
74
- async function signPayment(wallet, requirement) {
91
+ function buildPaymentHeader(challenge, requirement, payload) {
92
+ const version = challenge.x402Version ?? 1;
93
+ if (version >= 2) {
94
+ const envelope = {
95
+ x402Version: version,
96
+ resource: challenge.resource,
97
+ accepted: requirement,
98
+ payload,
99
+ extensions: challenge.extensions ?? {}
100
+ };
101
+ return { name: "PAYMENT-SIGNATURE", value: encodePayment(envelope) };
102
+ }
103
+ const v1 = {
104
+ x402Version: 1,
105
+ scheme: "exact",
106
+ network: requirement.network,
107
+ payload
108
+ };
109
+ return { name: "X-PAYMENT", value: encodePayment(v1) };
110
+ }
111
+ async function signExactAuthorization(wallet, requirement) {
75
112
  const account = wallet.account;
76
113
  if (!account) throw new PaymentError("Wallet has no account attached");
114
+ const value = requirementAtomicAmount(requirement);
115
+ if (value === null) {
116
+ throw new PaymentError("x402 requirement is missing a payment amount");
117
+ }
118
+ const chainId = chainIdForNetwork(requirement.network);
119
+ if (chainId === null) {
120
+ throw new PaymentError(`Unsupported x402 network: ${requirement.network}`);
121
+ }
77
122
  const now = Math.floor(Date.now() / 1e3);
78
123
  const validAfter = BigInt(now - 60);
79
124
  const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600));
@@ -85,7 +130,7 @@ async function signPayment(wallet, requirement) {
85
130
  domain: {
86
131
  name: tokenName,
87
132
  version: tokenVersion,
88
- chainId: chainIdForNetwork(requirement.network),
133
+ chainId,
89
134
  verifyingContract: requirement.asset
90
135
  },
91
136
  types: {
@@ -102,30 +147,29 @@ async function signPayment(wallet, requirement) {
102
147
  message: {
103
148
  from: account.address,
104
149
  to: requirement.payTo,
105
- value: BigInt(requirement.maxAmountRequired),
150
+ value,
106
151
  validAfter,
107
152
  validBefore,
108
153
  nonce
109
154
  }
110
155
  });
111
156
  return {
112
- x402Version: 1,
113
- scheme: "exact",
114
- network: requirement.network,
115
- payload: {
116
- signature,
117
- authorization: {
118
- from: account.address,
119
- to: requirement.payTo,
120
- value: requirement.maxAmountRequired,
121
- validAfter: validAfter.toString(),
122
- validBefore: validBefore.toString(),
123
- nonce
124
- }
157
+ signature,
158
+ authorization: {
159
+ from: account.address,
160
+ to: requirement.payTo,
161
+ value: value.toString(),
162
+ validAfter: validAfter.toString(),
163
+ validBefore: validBefore.toString(),
164
+ nonce
125
165
  }
126
166
  };
127
167
  }
128
168
  function chainIdForNetwork(network) {
169
+ if (network.startsWith("eip155:")) {
170
+ const id = Number(network.slice("eip155:".length));
171
+ return Number.isInteger(id) && id > 0 ? id : null;
172
+ }
129
173
  switch (network) {
130
174
  case "base":
131
175
  return 8453;
@@ -139,6 +183,8 @@ function chainIdForNetwork(network) {
139
183
  return 42161;
140
184
  case "polygon":
141
185
  return 137;
186
+ default:
187
+ return null;
142
188
  }
143
189
  }
144
190
 
@@ -170,7 +216,7 @@ function hostOf(input) {
170
216
  }
171
217
  }
172
218
  function txHashOf(res) {
173
- const header = res.headers.get("x-payment-response");
219
+ const header = res.headers.get("payment-response") ?? res.headers.get("x-payment-response");
174
220
  if (!header) return void 0;
175
221
  try {
176
222
  return decodePayment(header).transaction;
@@ -185,7 +231,36 @@ function yeetful(options) {
185
231
  let spentToday = 0;
186
232
  let spentTotal = 0;
187
233
  let dayIndex = utcDayIndex(Date.now());
234
+ const ledgerEndpoint = options.apiKey && grant.id ? `${(options.ledgerUrl ?? "https://yeetful.com").replace(/\/+$/, "")}/api/grants/${grant.id}/ledger` : null;
235
+ if (options.apiKey && !grant.id) {
236
+ log("hosted-ledger sync disabled: grant.id is not set (use the id of your yeetful.com grant)");
237
+ }
238
+ let ledgerChain = Promise.resolve();
239
+ const ledgerFetch = options.fetch ?? globalThis.fetch;
240
+ const sync = (r) => {
241
+ if (!ledgerEndpoint) return;
242
+ ledgerChain = ledgerChain.then(async () => {
243
+ const res = await ledgerFetch(ledgerEndpoint, {
244
+ method: "POST",
245
+ headers: {
246
+ "content-type": "application/json",
247
+ authorization: `Bearer ${options.apiKey}`
248
+ },
249
+ body: JSON.stringify({
250
+ host: r.host,
251
+ amountUsd: r.amountUsd,
252
+ ok: r.ok,
253
+ txHash: r.txHash,
254
+ note: r.note
255
+ })
256
+ });
257
+ if (!res.ok) log(`ledger sync \u2192 ${res.status} for ${r.host}`);
258
+ }).catch((err) => {
259
+ log(`ledger sync failed for ${r.host}: ${err instanceof Error ? err.message : err}`);
260
+ });
261
+ };
188
262
  const emit = (r) => {
263
+ sync(r);
189
264
  void Promise.resolve(onReceipt?.(r)).catch(() => {
190
265
  });
191
266
  };
@@ -214,7 +289,7 @@ function yeetful(options) {
214
289
  // Per-call enforcement lives in the hook (not maxAmountAtomic) so an
215
290
  // over-cap call surfaces a clean GrantError instead of a filtered no-match.
216
291
  onPaymentRequired: (req) => {
217
- const price = Number(req.maxAmountRequired) / 1e6;
292
+ const price = Number(requirementAtomicAmount(req) ?? 0n) / 1e6;
218
293
  if (price > grant.perCallUsd) {
219
294
  deny(host, "OVER_PER_CALL", `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`);
220
295
  }
@@ -249,6 +324,7 @@ function yeetful(options) {
249
324
  pay.spentTodayUsd = () => spentToday;
250
325
  pay.remainingTodayUsd = () => Math.max(0, grant.perDayUsd - spentToday);
251
326
  pay.spentTotalUsd = () => spentTotal;
327
+ pay.flushLedger = () => ledgerChain;
252
328
  return pay;
253
329
  }
254
330
 
package/dist/agent.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/utils.ts","../src/client.ts","../src/agent.ts"],"names":["pay"],"mappings":";;;AAgCA,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AACpC,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AAG7B,SAAS,cAAc,KAAA,EAAwB;AACpD,EAAA,MAAM,QAAQ,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,MAAW,IAAA,IAAQ,KAAA,EAAO,MAAA,IAAU,MAAA,CAAO,aAAa,IAAI,CAAA;AAC5D,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AAGO,SAAS,cAA2B,GAAA,EAAgB;AACzD,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,QAAQ,CAAC,CAAA;AAAA,EACnD,CAAA,MAAO;AACL,IAAA,MAAM,MAAA,GAAS,KAAK,GAAG,CAAA;AACvB,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AACpC,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,MAAA,EAAQ,CAAA,EAAA,EAAK,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EACxE;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AAC7C;AAGO,SAAS,WAAA,GAA6B;AAC3C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,EAAA,OAAQ,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAClF;;;AC1BO,SAAS,oBAAoB,OAAA,EAAwB;AAC1D,EAAA,MAAM,YAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA,CAAM,KAAK,UAAU,CAAA;AAEnE,EAAA,OAAO,eAAe,QAAA,CACpB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AACnB,IAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,CAAU,KAAA,EAAO,IAAI,CAAA;AACzC,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,GAAA,EAAK,OAAO,KAAA;AAEjC,IAAA,MAAM,YAAA,GAAe,MAAM,oBAAA,CAAqB,KAAK,CAAA;AACrD,IAAA,MAAM,WAAA,GAAc,iBAAA,CAAkB,YAAA,CAAa,OAAA,EAAS,OAAO,CAAA;AACnE,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,YAAA,CAAa,8DAAA,EAAgE,YAAY,CAAA;AAAA,IACrG;AAEA,IAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,iBAAA,CAAkB,WAAW,CAAA;AAC5D,MAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,YAAA,CAAa,4BAA4B,YAAY,CAAA;AAAA,IAChF;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,WAAA,CAAY,OAAA,CAAQ,QAAQ,WAAW,CAAA;AAC7D,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA;AACxC,IAAA,OAAA,CAAQ,GAAA,CAAI,WAAA,EAAa,aAAA,CAAc,OAAO,CAAC,CAAA;AAE/C,IAAA,OAAO,UAAU,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AAAA,EAC9C,CAAA;AACF;AAEO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAC7B,YAAA;AAAA,EACT,WAAA,CAAY,SAAiB,YAAA,EAAwC;AACnE,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AACF,CAAA;AAEA,eAAe,qBAAqB,GAAA,EAAiD;AACnF,EAAA,IAAI;AACF,IAAA,OAAQ,MAAM,GAAA,CAAI,KAAA,EAAM,CAAE,IAAA,EAAK;AAAA,EACjC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAa,0DAA0D,CAAA;AAAA,EACnF;AACF;AAEA,SAAS,iBAAA,CACP,SACA,IAAA,EACgC;AAChC,EAAA,MAAM,QAAA,GAAW,OAAA,CACd,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,OAAO,CAAA,CAClC,MAAA,CAAO,CAAC,CAAA,KAAM,CAAC,KAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,QAAA,CAAS,CAAA,CAAE,OAAO,CAAC,CAAA,CAC/E,OAAO,CAAC,CAAA,KAAM,CAAC,IAAA,CAAK,mBAAmB,MAAA,CAAO,CAAA,CAAE,iBAAiB,CAAA,IAAK,KAAK,eAAe,CAAA;AAE7F,EAAA,OAAO,QAAA,CAAS,IAAA;AAAA,IAAK,CAAC,CAAA,EAAG,CAAA,KACvB,MAAA,CAAO,CAAA,CAAE,iBAAiB,CAAA,GAAI,MAAA,CAAO,CAAA,CAAE,iBAAiB,CAAA,GAAI,EAAA,GAAK;AAAA,IACjE,CAAC,CAAA;AACL;AAGA,eAAsB,WAAA,CACpB,QACA,WAAA,EACyB;AACzB,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AACvB,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,aAAa,gCAAgC,CAAA;AAErE,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,GAAM,EAAE,CAAA;AAClC,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,GAAA,IAAO,WAAA,CAAY,qBAAqB,GAAA,CAAI,CAAA;AACvE,EAAA,MAAM,QAAQ,WAAA,EAAY;AAE1B,EAAA,MAAM,SAAA,GACH,WAAA,CAAY,KAAA,EAAO,IAAA,IAA+B,UAAA;AACrD,EAAA,MAAM,YAAA,GACH,WAAA,CAAY,KAAA,EAAO,OAAA,IAAkC,GAAA;AAExD,EAAA,MAAM,SAAA,GAAa,MAAM,MAAA,CAAO,aAAA,CAAc;AAAA,IAC5C,OAAA;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,SAAA;AAAA,MACN,OAAA,EAAS,YAAA;AAAA,MACT,OAAA,EAAS,iBAAA,CAAkB,WAAA,CAAY,OAAO,CAAA;AAAA,MAC9C,mBAAmB,WAAA,CAAY;AAAA,KACjC;AAAA,IACA,KAAA,EAAO;AAAA,MACL,yBAAA,EAA2B;AAAA,QACzB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,QAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,QAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,QACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,QACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,QACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AACnC,KACF;AAAA,IACA,WAAA,EAAa,2BAAA;AAAA,IACb,OAAA,EAAS;AAAA,MACP,MAAM,OAAA,CAAQ,OAAA;AAAA,MACd,IAAI,WAAA,CAAY,KAAA;AAAA,MAChB,KAAA,EAAO,MAAA,CAAO,WAAA,CAAY,iBAAiB,CAAA;AAAA,MAC3C,UAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA;AACF,GACD,CAAA;AAED,EAAA,OAAO;AAAA,IACL,WAAA,EAAa,CAAA;AAAA,IACb,MAAA,EAAQ,OAAA;AAAA,IACR,SAAS,WAAA,CAAY,OAAA;AAAA,IACrB,OAAA,EAAS;AAAA,MACP,SAAA;AAAA,MACA,aAAA,EAAe;AAAA,QACb,MAAM,OAAA,CAAQ,OAAA;AAAA,QACd,IAAI,WAAA,CAAY,KAAA;AAAA,QAChB,OAAO,WAAA,CAAY,iBAAA;AAAA,QACnB,UAAA,EAAY,WAAW,QAAA,EAAS;AAAA,QAChC,WAAA,EAAa,YAAY,QAAA,EAAS;AAAA,QAClC;AAAA;AACF;AACF,GACF;AACF;AAEA,SAAS,kBAAkB,OAAA,EAA8B;AACvD,EAAA,QAAQ,OAAA;AAAS,IACf,KAAK,MAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,CAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,EAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,GAAA;AAAA;AAEb;;;ACpIO,IAAM,UAAA,GAAN,cAAyB,KAAA,CAAM;AAAA,EACpC,WAAA,CACS,MACP,OAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAIP,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AAAA,EACd;AAAA,EALS,IAAA;AAMX;AAsDA,SAAS,SAAS,SAAA,EAA6C;AAC7D,EAAA,IAAI,SAAA,IAAa,MAAM,OAAO,QAAA;AAC9B,EAAA,IAAI,SAAA,YAAqB,IAAA,EAAM,OAAO,SAAA,CAAU,OAAA,EAAQ;AACxD,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,EAAU,OAAO,SAAA;AAC1C,EAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACtC,EAAA,OAAO,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,GAAW,CAAA;AACtC;AAEA,SAAS,YAAY,EAAA,EAAoB;AACvC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,KAAU,CAAA;AACnC;AAEA,SAAS,OAAO,KAAA,EAAuC;AACrD,EAAA,MAAM,GAAA,GAAM,OAAO,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,YAAiB,GAAA,GAAM,KAAA,CAAM,IAAA,GAAO,KAAA,CAAM,GAAA;AAC1F,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,GAAA,CAAI,GAAG,CAAA,CAAE,KAAK,WAAA,EAAY;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAA;AAAA,EACT;AACF;AAGA,SAAS,SAAS,GAAA,EAAmC;AACnD,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA;AACnD,EAAA,IAAI,CAAC,QAAQ,OAAO,MAAA;AACpB,EAAA,IAAI;AACF,IAAA,OAAO,aAAA,CAA4B,MAAM,CAAA,CAAE,WAAA;AAAA,EAC7C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAMO,SAAS,QAAQ,OAAA,EAA8B;AACpD,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,SAAQ,GAAI,OAAA;AAC9C,EAAA,MAAM,GAAA,GAAM,YAAY,MAAM;AAAA,EAAC,CAAA,CAAA;AAE/B,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,QAAA,GAAW,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AAErC,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,KAAK,QAAQ,OAAA,CAAQ,SAAA,GAAY,CAAC,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACrD,CAAA;AACA,EAAA,MAAM,IAAA,GAAO,CAAC,IAAA,EAAc,IAAA,EAAsB,GAAA,KAAuB;AACvE,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAClE,IAAA,GAAA,CAAI,UAAK,IAAI,CAAA,QAAA,EAAM,IAAI,CAAA,EAAA,EAAK,GAAG,CAAA,CAAE,CAAA;AACjC,IAAA,MAAM,IAAI,UAAA,CAAW,IAAA,EAAM,GAAG,CAAA;AAAA,EAChC,CAAA;AAEA,EAAA,MAAM,MAAM,eAAeA,IAAAA,CACzB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AAEnB,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AACpC,IAAA,IAAI,UAAU,QAAA,EAAU;AACtB,MAAA,QAAA,GAAW,KAAA;AACX,MAAA,UAAA,GAAa,CAAA;AAAA,IACf;AAEA,IAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AAGzB,IAAA,IAAA,CAAK,MAAM,MAAA,IAAU,QAAA,MAAc,WAAW,IAAA,CAAK,IAAA,EAAM,WAAW,kBAAkB,CAAA;AACtF,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG,IAAA,CAAK,IAAA,EAAM,SAAA,EAAW,mBAAmB,CAAA;AACrF,IAAA,IAAI,CAAC,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA,EAAG;AAC3D,MAAA,IAAA,CAAK,IAAA,EAAM,aAAA,EAAe,CAAA,EAAG,IAAI,CAAA,iCAAA,CAAmC,CAAA;AAAA,IACtE;AAIA,IAAA,IAAI,SAAA,GAAY,CAAA;AAChB,IAAA,MAAM,SAAS,mBAAA,CAAoB;AAAA,MACjC,MAAA;AAAA,MACA,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,iBAAiB,OAAA,CAAQ,eAAA;AAAA;AAAA;AAAA,MAGzB,iBAAA,EAAmB,CAAC,GAAA,KAA4B;AAC9C,QAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA,GAAI,GAAA;AAC9C,QAAA,IAAI,KAAA,GAAQ,MAAM,UAAA,EAAY;AAC5B,UAAA,IAAA,CAAK,IAAA,EAAM,eAAA,EAAiB,CAAA,CAAA,EAAI,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,UAAU,CAAA,CAAE,CAAA;AAAA,QAC9F;AACA,QAAA,IAAI,UAAA,GAAa,KAAA,GAAQ,KAAA,CAAM,SAAA,EAAW;AACxC,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,sBAAA,EAAyB,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,IAAI,MAAM,QAAA,IAAY,IAAA,IAAQ,UAAA,GAAa,KAAA,GAAQ,MAAM,QAAA,EAAU;AACjE,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,QAAQ,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,SAAA,GAAY,KAAA;AACZ,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,KACD,CAAA;AAED,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,EAAO,IAAI,CAAA;AAAA,IAChC,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,GAAA,YAAe,YAAY,MAAM,GAAA;AAErC,MAAA,MAAM,IAAA,GAAO,GAAA,YAAe,YAAA,GAAe,gBAAA,GAAmB,OAAA;AAC9D,MAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAC5D,MAAA,MAAM,GAAA;AAAA,IACR;AAGA,IAAA,IAAI,YAAY,CAAA,EAAG;AACjB,MAAA,UAAA,IAAc,SAAA;AACd,MAAA,UAAA,IAAc,SAAA;AAAA,IAChB;AACA,IAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAC3B,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,SAAA,EAAW,EAAA,EAAI,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,IAAA,CAAK,GAAA,IAAO,CAAA;AACtF,IAAA,GAAA,CAAI,CAAA,OAAA,EAAK,IAAI,CAAA,SAAA,EAAO,SAAA,CAAU,QAAQ,CAAC,CAAC,CAAA,aAAA,EAAa,UAAA,CAAW,QAAQ,CAAC,CAAC,CAAA,EAAA,EAAK,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAChG,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAEA,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,oBAAoB,MAAM,IAAA,CAAK,IAAI,CAAA,EAAG,KAAA,CAAM,YAAY,UAAU,CAAA;AACtE,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,OAAO,GAAA;AACT","file":"agent.cjs","sourcesContent":["import type { X402Network } from './types.js'\n\nconst USDC_BY_NETWORK: Record<X402Network, `0x${string}`> = {\n base: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',\n 'base-sepolia': '0x036CbD53842c5426634e7929541eC2318f3dCF7e',\n ethereum: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48',\n optimism: '0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85',\n arbitrum: '0xaf88d065e77c8cC2239327C5EDb3A432268e5831',\n polygon: '0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359',\n}\n\nexport const USDC_DECIMALS = 6\n\n/** Returns the canonical USDC contract address for a supported network. */\nexport function usdcAddress(network: X402Network): `0x${string}` {\n return USDC_BY_NETWORK[network]\n}\n\n/**\n * Convert a human-friendly USD amount (e.g. \"0.01\") into atomic USDC units.\n * Fixed-point to avoid float drift — safer than Number math for payments.\n */\nexport function usdToAtomic(amount: string | number, decimals = USDC_DECIMALS): string {\n const str = typeof amount === 'number' ? amount.toString() : amount\n if (!/^\\d+(\\.\\d+)?$/.test(str)) {\n throw new Error(`Invalid amount: ${str}`)\n }\n const [whole, frac = ''] = str.split('.')\n const padded = frac.slice(0, decimals).padEnd(decimals, '0')\n return (BigInt(whole ?? '0') * 10n ** BigInt(decimals) + BigInt(padded || '0')).toString()\n}\n\nconst utf8Encoder = new TextEncoder()\nconst utf8Decoder = new TextDecoder()\n\n/** Base64 encode a JSON value — works in Node 18+ and browsers. */\nexport function encodePayment(value: unknown): string {\n const bytes = utf8Encoder.encode(JSON.stringify(value))\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64')\n }\n let binary = ''\n for (const byte of bytes) binary += String.fromCharCode(byte)\n return btoa(binary)\n}\n\n/** Base64 decode a payment header value back into JSON. */\nexport function decodePayment<T = unknown>(b64: string): T {\n let bytes: Uint8Array\n if (typeof Buffer !== 'undefined') {\n bytes = new Uint8Array(Buffer.from(b64, 'base64'))\n } else {\n const binary = atob(b64)\n bytes = new Uint8Array(binary.length)\n for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i)\n }\n return JSON.parse(utf8Decoder.decode(bytes)) as T\n}\n\n/** Generate a random 32-byte nonce as a 0x-prefixed hex string. */\nexport function randomNonce(): `0x${string}` {\n const bytes = new Uint8Array(32)\n globalThis.crypto.getRandomValues(bytes)\n return ('0x' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('')) as `0x${string}`\n}\n","import type { Address, Hex, WalletClient } from 'viem'\nimport type {\n PaymentPayload,\n PaymentRequiredResponse,\n PaymentRequirement,\n X402Network,\n} from './types.js'\nimport { encodePayment, randomNonce } from './utils.js'\n\nexport interface ClientOptions {\n /** A viem WalletClient able to sign EIP-712 typed data. */\n wallet: WalletClient\n /** Underlying fetch to wrap (defaults to global fetch). */\n fetch?: typeof fetch\n /**\n * Hook called before signing. Return `false` to reject the payment.\n * Useful for showing a confirmation UI to the user.\n */\n onPaymentRequired?: (requirement: PaymentRequirement) => boolean | Promise<boolean>\n /** Only allow payments up to this atomic-units cap. Safety belt. */\n maxAmountAtomic?: bigint\n /** Restrict to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n}\n\n/**\n * Create a fetch wrapper that transparently handles x402 payments.\n *\n * On a 402 response, it picks the cheapest acceptable requirement,\n * signs an EIP-3009 authorization with the provided wallet, and retries\n * the request with an `X-PAYMENT` header.\n *\n * @example\n * ```ts\n * const pay = createPaymentClient({ wallet })\n * const res = await pay('https://api.example.com/premium')\n * ```\n */\nexport function createPaymentClient(options: ClientOptions) {\n const baseFetch = options.fetch ?? globalThis.fetch.bind(globalThis)\n\n return async function payFetch(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n const first = await baseFetch(input, init)\n if (first.status !== 402) return first\n\n const requirements = await parsePaymentRequired(first)\n const requirement = selectRequirement(requirements.accepts, options)\n if (!requirement) {\n throw new PaymentError('No acceptable payment requirement matched client constraints', requirements)\n }\n\n if (options.onPaymentRequired) {\n const approved = await options.onPaymentRequired(requirement)\n if (!approved) throw new PaymentError('Payment rejected by user', requirements)\n }\n\n const payment = await signPayment(options.wallet, requirement)\n const headers = new Headers(init.headers)\n headers.set('X-PAYMENT', encodePayment(payment))\n\n return baseFetch(input, { ...init, headers })\n }\n}\n\nexport class PaymentError extends Error {\n readonly requirements?: PaymentRequiredResponse\n constructor(message: string, requirements?: PaymentRequiredResponse) {\n super(message)\n this.name = 'PaymentError'\n this.requirements = requirements\n }\n}\n\nasync function parsePaymentRequired(res: Response): Promise<PaymentRequiredResponse> {\n try {\n return (await res.clone().json()) as PaymentRequiredResponse\n } catch {\n throw new PaymentError('402 response did not contain a valid x402 discovery body')\n }\n}\n\nfunction selectRequirement(\n accepts: PaymentRequirement[],\n opts: ClientOptions,\n): PaymentRequirement | undefined {\n const filtered = accepts\n .filter((a) => a.scheme === 'exact')\n .filter((a) => !opts.allowedNetworks || opts.allowedNetworks.includes(a.network))\n .filter((a) => !opts.maxAmountAtomic || BigInt(a.maxAmountRequired) <= opts.maxAmountAtomic)\n\n return filtered.sort((a, b) =>\n BigInt(a.maxAmountRequired) < BigInt(b.maxAmountRequired) ? -1 : 1,\n )[0]\n}\n\n/** Sign an EIP-3009 `TransferWithAuthorization` for the given requirement. */\nexport async function signPayment(\n wallet: WalletClient,\n requirement: PaymentRequirement,\n): Promise<PaymentPayload> {\n const account = wallet.account\n if (!account) throw new PaymentError('Wallet has no account attached')\n\n const now = Math.floor(Date.now() / 1000)\n const validAfter = BigInt(now - 60)\n const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600))\n const nonce = randomNonce()\n\n const tokenName =\n (requirement.extra?.name as string | undefined) ?? 'USD Coin'\n const tokenVersion =\n (requirement.extra?.version as string | undefined) ?? '2'\n\n const signature = (await wallet.signTypedData({\n account,\n domain: {\n name: tokenName,\n version: tokenVersion,\n chainId: chainIdForNetwork(requirement.network),\n verifyingContract: requirement.asset,\n },\n types: {\n TransferWithAuthorization: [\n { name: 'from', type: 'address' },\n { name: 'to', type: 'address' },\n { name: 'value', type: 'uint256' },\n { name: 'validAfter', type: 'uint256' },\n { name: 'validBefore', type: 'uint256' },\n { name: 'nonce', type: 'bytes32' },\n ],\n },\n primaryType: 'TransferWithAuthorization',\n message: {\n from: account.address as Address,\n to: requirement.payTo,\n value: BigInt(requirement.maxAmountRequired),\n validAfter,\n validBefore,\n nonce,\n },\n })) as Hex\n\n return {\n x402Version: 1,\n scheme: 'exact',\n network: requirement.network,\n payload: {\n signature,\n authorization: {\n from: account.address as Address,\n to: requirement.payTo,\n value: requirement.maxAmountRequired,\n validAfter: validAfter.toString(),\n validBefore: validBefore.toString(),\n nonce,\n },\n },\n }\n}\n\nfunction chainIdForNetwork(network: X402Network): number {\n switch (network) {\n case 'base':\n return 8453\n case 'base-sepolia':\n return 84532\n case 'ethereum':\n return 1\n case 'optimism':\n return 10\n case 'arbitrum':\n return 42161\n case 'polygon':\n return 137\n }\n}\n","/**\n * yeetful/agent — the \"agent expense account.\"\n *\n * Wrap your agent's HTTP calls in a single grant-aware `pay()`. Before any x402\n * payment is signed it enforces a spend grant — an allowlist of hosts plus\n * per-call / per-day / lifetime USD caps and an expiry — then pays via the\n * standard x402 client and emits a receipt for every call.\n *\n * One grant authorizes MANY endpoints (the allowlist). It's a guardrail for\n * your own agents (runaway loops, bugs, prompt-injected tool calls) and the\n * receipt feed behind budgets + audit. Enforcement here is local + instant;\n * for hard, adversarial guarantees back the grant with an on-chain Spend\n * Permission (the wallet contract caps spend regardless of this SDK).\n *\n * @example\n * ```ts\n * import { yeetful } from 'yeetful/agent'\n *\n * const pay = yeetful({\n * wallet, // viem WalletClient\n * grant: {\n * allow: ['tripadvisor.x402.paysponge.com', 'anthropic.yeetful.com'],\n * perCallUsd: 0.05,\n * perDayUsd: 2,\n * expiresAt: '2026-12-31',\n * },\n * onReceipt: (r) => console.log(r.host, r.amountUsd, r.txHash),\n * })\n *\n * const res = await pay('https://tripadvisor.x402.paysponge.com/api/v1/location/search?searchQuery=tokyo')\n * // throws GrantError on NOT_ALLOWED / OVER_PER_CALL / BUDGET_EXCEEDED / EXPIRED\n * ```\n */\n\nimport type { WalletClient } from 'viem'\nimport { createPaymentClient, PaymentError } from './client.js'\nimport { decodePayment } from './utils.js'\nimport type { PaymentRequirement, SettleResult, X402Network } from './types.js'\n\nexport type GrantViolation =\n | 'EXPIRED'\n | 'REVOKED'\n | 'NOT_ALLOWED'\n | 'OVER_PER_CALL'\n | 'BUDGET_EXCEEDED'\n\nexport class GrantError extends Error {\n constructor(\n public code: GrantViolation,\n message: string,\n ) {\n super(message)\n this.name = 'GrantError'\n }\n}\n\n/** A scoped spend authorization (mirrors the hosted SpendGrant). */\nexport interface GrantPolicy {\n /** Optional id of the hosted grant this mirrors. */\n id?: string\n /** Exact hostnames this grant may pay (e.g. \"tripadvisor.x402.paysponge.com\"). */\n allow: string[]\n perCallUsd: number\n perDayUsd: number\n /** Optional lifetime cap across the life of this client instance. */\n totalUsd?: number | null\n /** Unix ms, ISO string, or Date. Omit for no expiry. */\n expiresAt?: number | string | Date\n /** 'active' | 'revoked'. Defaults to active. */\n status?: string\n}\n\n/** A single authorization decision — the audit trail + x402 receipt. */\nexport interface Receipt {\n host: string\n amountUsd: number\n ok: boolean\n txHash?: string\n /** \"settled\" on success, or the GrantViolation code on a denial. */\n note: string\n ts: number\n}\n\nexport interface AgentOptions {\n /** viem WalletClient that signs the EIP-3009 payment. */\n wallet: WalletClient\n /** The spend grant to enforce. */\n grant: GrantPolicy\n /** Underlying fetch (defaults to global fetch). */\n fetch?: typeof fetch\n /** Restrict payments to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n /** Called after every decision — wire this to your ledger / dashboard. */\n onReceipt?: (receipt: Receipt) => void | Promise<void>\n /** Human-readable progress logging. */\n onEvent?: (message: string) => void\n}\n\nexport interface PayFn {\n (input: string | URL | Request, init?: RequestInit): Promise<Response>\n /** USD spent under this grant since UTC midnight (this client instance). */\n spentTodayUsd(): number\n /** USD remaining in today's budget. */\n remainingTodayUsd(): number\n /** USD spent over the life of this client instance. */\n spentTotalUsd(): number\n}\n\nfunction expiryMs(expiresAt: GrantPolicy['expiresAt']): number {\n if (expiresAt == null) return Infinity\n if (expiresAt instanceof Date) return expiresAt.getTime()\n if (typeof expiresAt === 'number') return expiresAt\n const t = new Date(expiresAt).getTime()\n return Number.isNaN(t) ? Infinity : t\n}\n\nfunction utcDayIndex(ms: number): number {\n return Math.floor(ms / 86_400_000)\n}\n\nfunction hostOf(input: string | URL | Request): string {\n const url = typeof input === 'string' ? input : input instanceof URL ? input.href : input.url\n try {\n return new URL(url).host.toLowerCase()\n } catch {\n return ''\n }\n}\n\n/** Pull the settlement tx hash from the X-PAYMENT-RESPONSE header, if present. */\nfunction txHashOf(res: Response): string | undefined {\n const header = res.headers.get('x-payment-response')\n if (!header) return undefined\n try {\n return decodePayment<SettleResult>(header).transaction\n } catch {\n return undefined\n }\n}\n\n/**\n * Create a grant-aware paid `fetch`. Enforces the grant locally before signing\n * any x402 payment, pays with the wallet, and emits a receipt per call.\n */\nexport function yeetful(options: AgentOptions): PayFn {\n const { wallet, grant, onReceipt, onEvent } = options\n const log = onEvent ?? (() => {})\n\n let spentToday = 0\n let spentTotal = 0\n let dayIndex = utcDayIndex(Date.now())\n\n const emit = (r: Receipt) => {\n void Promise.resolve(onReceipt?.(r)).catch(() => {})\n }\n const deny = (host: string, code: GrantViolation, msg: string): never => {\n emit({ host, amountUsd: 0, ok: false, note: code, ts: Date.now() })\n log(`✗ ${host} — ${code}: ${msg}`)\n throw new GrantError(code, msg)\n }\n\n const pay = async function pay(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n // Roll the daily budget at UTC midnight.\n const today = utcDayIndex(Date.now())\n if (today !== dayIndex) {\n dayIndex = today\n spentToday = 0\n }\n\n const host = hostOf(input)\n\n // ── Pre-flight policy (no network): status → expiry → allowlist ─────────\n if ((grant.status ?? 'active') === 'revoked') deny(host, 'REVOKED', 'grant is revoked')\n if (Date.now() > expiryMs(grant.expiresAt)) deny(host, 'EXPIRED', 'grant has expired')\n if (!grant.allow.map((h) => h.toLowerCase()).includes(host)) {\n deny(host, 'NOT_ALLOWED', `${host} is not in this grant's allowlist`)\n }\n\n // Price is only known from the 402 challenge — check caps in the hook,\n // which runs after the challenge is parsed and before the payment is signed.\n let pricedUsd = 0\n const client = createPaymentClient({\n wallet,\n fetch: options.fetch,\n allowedNetworks: options.allowedNetworks,\n // Per-call enforcement lives in the hook (not maxAmountAtomic) so an\n // over-cap call surfaces a clean GrantError instead of a filtered no-match.\n onPaymentRequired: (req: PaymentRequirement) => {\n const price = Number(req.maxAmountRequired) / 1e6\n if (price > grant.perCallUsd) {\n deny(host, 'OVER_PER_CALL', `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`)\n }\n if (spentToday + price > grant.perDayUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentToday + price).toFixed(2)} exceeds today's cap $${grant.perDayUsd}`)\n }\n if (grant.totalUsd != null && spentTotal + price > grant.totalUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentTotal + price).toFixed(2)} exceeds lifetime cap $${grant.totalUsd}`)\n }\n pricedUsd = price\n return true\n },\n })\n\n let res: Response\n try {\n res = await client(input, init)\n } catch (err) {\n if (err instanceof GrantError) throw err // already denied + receipted\n // A rejection from the underlying client (e.g. no acceptable requirement).\n const note = err instanceof PaymentError ? 'payment-failed' : 'error'\n emit({ host, amountUsd: 0, ok: false, note, ts: Date.now() })\n throw err\n }\n\n // Settled (or a free, non-402 call where pricedUsd stayed 0).\n if (pricedUsd > 0) {\n spentToday += pricedUsd\n spentTotal += pricedUsd\n }\n const txHash = txHashOf(res)\n emit({ host, amountUsd: pricedUsd, ok: true, txHash, note: 'settled', ts: Date.now() })\n log(`✓ ${host} — $${pricedUsd.toFixed(4)} · today $${spentToday.toFixed(2)}/$${grant.perDayUsd}`)\n return res\n } as PayFn\n\n pay.spentTodayUsd = () => spentToday\n pay.remainingTodayUsd = () => Math.max(0, grant.perDayUsd - spentToday)\n pay.spentTotalUsd = () => spentTotal\n return pay\n}\n"]}
1
+ {"version":3,"sources":["../src/utils.ts","../src/client.ts","../src/agent.ts"],"names":["pay"],"mappings":";;;AAgCA,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AACpC,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AAG7B,SAAS,cAAc,KAAA,EAAwB;AACpD,EAAA,MAAM,QAAQ,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,MAAW,IAAA,IAAQ,KAAA,EAAO,MAAA,IAAU,MAAA,CAAO,aAAa,IAAI,CAAA;AAC5D,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AAGO,SAAS,cAA2B,GAAA,EAAgB;AACzD,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,QAAQ,CAAC,CAAA;AAAA,EACnD,CAAA,MAAO;AACL,IAAA,MAAM,MAAA,GAAS,KAAK,GAAG,CAAA;AACvB,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AACpC,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,MAAA,EAAQ,CAAA,EAAA,EAAK,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EACxE;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AAC7C;AAGO,SAAS,WAAA,GAA6B;AAC3C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,EAAA,OAAQ,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAClF;;;ACtBO,SAAS,oBAAoB,OAAA,EAAwB;AAC1D,EAAA,MAAM,YAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA,CAAM,KAAK,UAAU,CAAA;AAEnE,EAAA,OAAO,eAAe,QAAA,CACpB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AACnB,IAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,CAAU,KAAA,EAAO,IAAI,CAAA;AACzC,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,GAAA,EAAK,OAAO,KAAA;AAEjC,IAAA,MAAM,YAAA,GAAe,MAAM,oBAAA,CAAqB,KAAK,CAAA;AACrD,IAAA,MAAM,cAAc,iBAAA,CAAkB,YAAA,CAAa,OAAA,IAAW,IAAI,OAAO,CAAA;AACzE,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,YAAA,CAAa,8DAAA,EAAgE,YAAY,CAAA;AAAA,IACrG;AAEA,IAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,iBAAA,CAAkB,WAAW,CAAA;AAC5D,MAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,YAAA,CAAa,4BAA4B,YAAY,CAAA;AAAA,IAChF;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,sBAAA,CAAuB,OAAA,CAAQ,QAAQ,WAAW,CAAA;AACxE,IAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,YAAA,EAAc,WAAA,EAAa,OAAO,CAAA;AACpE,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA;AACxC,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,MAAA,CAAO,KAAK,CAAA;AAErC,IAAA,OAAO,UAAU,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AAAA,EAC9C,CAAA;AACF;AAEO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAC7B,YAAA;AAAA,EACT,WAAA,CAAY,SAAiB,YAAA,EAAwC;AACnE,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AACF,CAAA;AAOO,SAAS,wBAAwB,GAAA,EAAwC;AAC9E,EAAA,MAAM,GAAA,GAAM,GAAA,CAAI,MAAA,IAAU,GAAA,CAAI,iBAAA;AAC9B,EAAA,IAAI,GAAA,IAAO,MAAM,OAAO,IAAA;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,OAAO,GAAG,CAAA;AAAA,EACnB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAe,qBAAqB,GAAA,EAAiD;AACnF,EAAA,IAAI;AACF,IAAA,OAAQ,MAAM,GAAA,CAAI,KAAA,EAAM,CAAE,IAAA,EAAK;AAAA,EACjC,CAAA,CAAA,MAAQ;AAGN,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA;AACjD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAI;AACF,QAAA,OAAO,cAAuC,MAAM,CAAA;AAAA,MACtD,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AACA,IAAA,MAAM,IAAI,aAAa,0DAA0D,CAAA;AAAA,EACnF;AACF;AAEA,SAAS,iBAAA,CACP,SACA,IAAA,EACgC;AAChC,EAAA,MAAM,SAAS,OAAA,CACZ,MAAA,CAAO,CAAC,CAAA,KAAM,EAAE,MAAA,KAAW,OAAO,CAAA,CAElC,MAAA,CAAO,CAAC,CAAA,KAAM,iBAAA,CAAkB,EAAE,OAAO,CAAA,KAAM,IAAI,CAAA,CACnD,MAAA;AAAA,IACC,CAAC,CAAA,KACC,CAAC,IAAA,CAAK,eAAA,IACN,KAAK,eAAA,CAAgB,IAAA,CAAK,CAAC,CAAA,KAAM,kBAAkB,CAAC,CAAA,KAAM,iBAAA,CAAkB,CAAA,CAAE,OAAO,CAAC;AAAA,GAC1F,CACC,GAAA,CAAI,CAAC,CAAA,MAAO,EAAE,GAAA,EAAK,CAAA,EAAG,MAAA,EAAQ,uBAAA,CAAwB,CAAC,CAAA,EAAE,CAAE,CAAA,CAC3D,MAAA,CAAO,CAAC,CAAA,KAAwD,CAAA,CAAE,MAAA,KAAW,IAAI,CAAA,CACjF,MAAA,CAAO,CAAC,CAAA,KAAM,CAAC,IAAA,CAAK,eAAA,IAAmB,CAAA,CAAE,MAAA,IAAU,KAAK,eAAe,CAAA;AAE1E,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAO,CAAA,CAAE,MAAA,GAAS,CAAA,CAAE,MAAA,GAAS,EAAA,GAAK,CAAE,CAAA,CAAE,CAAC,CAAA,EAAG,GAAA;AACnE;AAGA,SAAS,kBAAA,CACP,SAAA,EACA,WAAA,EACA,OAAA,EACiC;AACjC,EAAA,MAAM,OAAA,GAAU,UAAU,WAAA,IAAe,CAAA;AACzC,EAAA,IAAI,WAAW,CAAA,EAAG;AAChB,IAAA,MAAM,QAAA,GAA8B;AAAA,MAClC,WAAA,EAAa,OAAA;AAAA,MACb,UAAU,SAAA,CAAU,QAAA;AAAA,MACpB,QAAA,EAAU,WAAA;AAAA,MACV,OAAA;AAAA,MACA,UAAA,EAAY,SAAA,CAAU,UAAA,IAAc;AAAC,KACvC;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,mBAAA,EAAqB,KAAA,EAAO,aAAA,CAAc,QAAQ,CAAA,EAAE;AAAA,EACrE;AACA,EAAA,MAAM,EAAA,GAAqB;AAAA,IACzB,WAAA,EAAa,CAAA;AAAA,IACb,MAAA,EAAQ,OAAA;AAAA,IACR,SAAS,WAAA,CAAY,OAAA;AAAA,IACrB;AAAA,GACF;AACA,EAAA,OAAO,EAAE,IAAA,EAAM,WAAA,EAAa,KAAA,EAAO,aAAA,CAAc,EAAE,CAAA,EAAE;AACvD;AAGA,eAAsB,sBAAA,CACpB,QACA,WAAA,EAC0B;AAC1B,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AACvB,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,aAAa,gCAAgC,CAAA;AAErE,EAAA,MAAM,KAAA,GAAQ,wBAAwB,WAAW,CAAA;AACjD,EAAA,IAAI,UAAU,IAAA,EAAM;AAClB,IAAA,MAAM,IAAI,aAAa,8CAA8C,CAAA;AAAA,EACvE;AACA,EAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,WAAA,CAAY,OAAO,CAAA;AACrD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,MAAM,IAAI,YAAA,CAAa,CAAA,0BAAA,EAA6B,WAAA,CAAY,OAAO,CAAA,CAAE,CAAA;AAAA,EAC3E;AAEA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,GAAM,EAAE,CAAA;AAClC,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,GAAA,IAAO,WAAA,CAAY,qBAAqB,GAAA,CAAI,CAAA;AACvE,EAAA,MAAM,QAAQ,WAAA,EAAY;AAE1B,EAAA,MAAM,SAAA,GACH,WAAA,CAAY,KAAA,EAAO,IAAA,IAA+B,UAAA;AACrD,EAAA,MAAM,YAAA,GACH,WAAA,CAAY,KAAA,EAAO,OAAA,IAAkC,GAAA;AAExD,EAAA,MAAM,SAAA,GAAa,MAAM,MAAA,CAAO,aAAA,CAAc;AAAA,IAC5C,OAAA;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,SAAA;AAAA,MACN,OAAA,EAAS,YAAA;AAAA,MACT,OAAA;AAAA,MACA,mBAAmB,WAAA,CAAY;AAAA,KACjC;AAAA,IACA,KAAA,EAAO;AAAA,MACL,yBAAA,EAA2B;AAAA,QACzB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,QAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,QAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,QACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,QACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,QACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AACnC,KACF;AAAA,IACA,WAAA,EAAa,2BAAA;AAAA,IACb,OAAA,EAAS;AAAA,MACP,MAAM,OAAA,CAAQ,OAAA;AAAA,MACd,IAAI,WAAA,CAAY,KAAA;AAAA,MAChB,KAAA;AAAA,MACA,UAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA;AACF,GACD,CAAA;AAED,EAAA,OAAO;AAAA,IACL,SAAA;AAAA,IACA,aAAA,EAAe;AAAA,MACb,MAAM,OAAA,CAAQ,OAAA;AAAA,MACd,IAAI,WAAA,CAAY,KAAA;AAAA,MAChB,KAAA,EAAO,MAAM,QAAA,EAAS;AAAA,MACtB,UAAA,EAAY,WAAW,QAAA,EAAS;AAAA,MAChC,WAAA,EAAa,YAAY,QAAA,EAAS;AAAA,MAClC;AAAA;AACF,GACF;AACF;AAmBA,SAAS,kBAAkB,OAAA,EAAgC;AACzD,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,SAAS,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAA,CAAM,SAAA,CAAU,MAAM,CAAC,CAAA;AACjD,IAAA,OAAO,OAAO,SAAA,CAAU,EAAE,CAAA,IAAK,EAAA,GAAK,IAAI,EAAA,GAAK,IAAA;AAAA,EAC/C;AACA,EAAA,QAAQ,OAAA;AAAwB,IAC9B,KAAK,MAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,CAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,EAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,GAAA;AAAA,IACT;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;;;AC3NO,IAAM,UAAA,GAAN,cAAyB,KAAA,CAAM;AAAA,EACpC,WAAA,CACS,MACP,OAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAIP,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AAAA,EACd;AAAA,EALS,IAAA;AAMX;AAsEA,SAAS,SAAS,SAAA,EAA6C;AAC7D,EAAA,IAAI,SAAA,IAAa,MAAM,OAAO,QAAA;AAC9B,EAAA,IAAI,SAAA,YAAqB,IAAA,EAAM,OAAO,SAAA,CAAU,OAAA,EAAQ;AACxD,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,EAAU,OAAO,SAAA;AAC1C,EAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACtC,EAAA,OAAO,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,GAAW,CAAA;AACtC;AAEA,SAAS,YAAY,EAAA,EAAoB;AACvC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,KAAU,CAAA;AACnC;AAEA,SAAS,OAAO,KAAA,EAAuC;AACrD,EAAA,MAAM,GAAA,GAAM,OAAO,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,YAAiB,GAAA,GAAM,KAAA,CAAM,IAAA,GAAO,KAAA,CAAM,GAAA;AAC1F,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,GAAA,CAAI,GAAG,CAAA,CAAE,KAAK,WAAA,EAAY;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAA;AAAA,EACT;AACF;AAIA,SAAS,SAAS,GAAA,EAAmC;AACnD,EAAA,MAAM,MAAA,GAAS,IAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA;AAC1F,EAAA,IAAI,CAAC,QAAQ,OAAO,MAAA;AACpB,EAAA,IAAI;AACF,IAAA,OAAO,aAAA,CAA4B,MAAM,CAAA,CAAE,WAAA;AAAA,EAC7C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAMO,SAAS,QAAQ,OAAA,EAA8B;AACpD,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,SAAQ,GAAI,OAAA;AAC9C,EAAA,MAAM,GAAA,GAAM,YAAY,MAAM;AAAA,EAAC,CAAA,CAAA;AAE/B,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,QAAA,GAAW,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AAGrC,EAAA,MAAM,iBACJ,OAAA,CAAQ,MAAA,IAAU,KAAA,CAAM,EAAA,GACpB,IAAI,OAAA,CAAQ,SAAA,IAAa,qBAAA,EAAuB,OAAA,CAAQ,QAAQ,EAAE,CAAC,CAAA,YAAA,EAAe,KAAA,CAAM,EAAE,CAAA,OAAA,CAAA,GAC1F,IAAA;AACN,EAAA,IAAI,OAAA,CAAQ,MAAA,IAAU,CAAC,KAAA,CAAM,EAAA,EAAI;AAC/B,IAAA,GAAA,CAAI,yFAAyF,CAAA;AAAA,EAC/F;AAGA,EAAA,IAAI,WAAA,GAA6B,QAAQ,OAAA,EAAQ;AACjD,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAChD,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,IAAI,CAAC,cAAA,EAAgB;AACrB,IAAA,WAAA,GAAc,WAAA,CACX,KAAK,YAAY;AAChB,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAY,cAAA,EAAgB;AAAA,QAC5C,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,CAAA,OAAA,EAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,SACzC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,MAAM,CAAA,CAAE,IAAA;AAAA,UACR,WAAW,CAAA,CAAE,SAAA;AAAA,UACb,IAAI,CAAA,CAAE,EAAA;AAAA,UACN,QAAQ,CAAA,CAAE,MAAA;AAAA,UACV,MAAM,CAAA,CAAE;AAAA,SACT;AAAA,OACF,CAAA;AACD,MAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,GAAA,CAAI,CAAA,mBAAA,EAAiB,IAAI,MAAM,CAAA,KAAA,EAAQ,CAAA,CAAE,IAAI,CAAA,CAAE,CAAA;AAAA,IAC9D,CAAC,CAAA,CACA,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,GAAA,CAAI,CAAA,uBAAA,EAA0B,EAAE,IAAI,CAAA,EAAA,EAAK,eAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,GAAG,CAAA,CAAE,CAAA;AAAA,IACrF,CAAC,CAAA;AAAA,EACL,CAAA;AAEA,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,IAAA,CAAK,CAAC,CAAA;AACN,IAAA,KAAK,QAAQ,OAAA,CAAQ,SAAA,GAAY,CAAC,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACrD,CAAA;AACA,EAAA,MAAM,IAAA,GAAO,CAAC,IAAA,EAAc,IAAA,EAAsB,GAAA,KAAuB;AACvE,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAClE,IAAA,GAAA,CAAI,UAAK,IAAI,CAAA,QAAA,EAAM,IAAI,CAAA,EAAA,EAAK,GAAG,CAAA,CAAE,CAAA;AACjC,IAAA,MAAM,IAAI,UAAA,CAAW,IAAA,EAAM,GAAG,CAAA;AAAA,EAChC,CAAA;AAEA,EAAA,MAAM,MAAM,eAAeA,IAAAA,CACzB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AAEnB,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AACpC,IAAA,IAAI,UAAU,QAAA,EAAU;AACtB,MAAA,QAAA,GAAW,KAAA;AACX,MAAA,UAAA,GAAa,CAAA;AAAA,IACf;AAEA,IAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AAGzB,IAAA,IAAA,CAAK,MAAM,MAAA,IAAU,QAAA,MAAc,WAAW,IAAA,CAAK,IAAA,EAAM,WAAW,kBAAkB,CAAA;AACtF,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG,IAAA,CAAK,IAAA,EAAM,SAAA,EAAW,mBAAmB,CAAA;AACrF,IAAA,IAAI,CAAC,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA,EAAG;AAC3D,MAAA,IAAA,CAAK,IAAA,EAAM,aAAA,EAAe,CAAA,EAAG,IAAI,CAAA,iCAAA,CAAmC,CAAA;AAAA,IACtE;AAIA,IAAA,IAAI,SAAA,GAAY,CAAA;AAChB,IAAA,MAAM,SAAS,mBAAA,CAAoB;AAAA,MACjC,MAAA;AAAA,MACA,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,iBAAiB,OAAA,CAAQ,eAAA;AAAA;AAAA;AAAA,MAGzB,iBAAA,EAAmB,CAAC,GAAA,KAA4B;AAG9C,QAAA,MAAM,QAAQ,MAAA,CAAO,uBAAA,CAAwB,GAAG,CAAA,IAAK,EAAE,CAAA,GAAI,GAAA;AAC3D,QAAA,IAAI,KAAA,GAAQ,MAAM,UAAA,EAAY;AAC5B,UAAA,IAAA,CAAK,IAAA,EAAM,eAAA,EAAiB,CAAA,CAAA,EAAI,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,UAAU,CAAA,CAAE,CAAA;AAAA,QAC9F;AACA,QAAA,IAAI,UAAA,GAAa,KAAA,GAAQ,KAAA,CAAM,SAAA,EAAW;AACxC,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,sBAAA,EAAyB,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,IAAI,MAAM,QAAA,IAAY,IAAA,IAAQ,UAAA,GAAa,KAAA,GAAQ,MAAM,QAAA,EAAU;AACjE,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,QAAQ,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,SAAA,GAAY,KAAA;AACZ,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,KACD,CAAA;AAED,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,EAAO,IAAI,CAAA;AAAA,IAChC,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,GAAA,YAAe,YAAY,MAAM,GAAA;AAErC,MAAA,MAAM,IAAA,GAAO,GAAA,YAAe,YAAA,GAAe,gBAAA,GAAmB,OAAA;AAC9D,MAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAC5D,MAAA,MAAM,GAAA;AAAA,IACR;AAGA,IAAA,IAAI,YAAY,CAAA,EAAG;AACjB,MAAA,UAAA,IAAc,SAAA;AACd,MAAA,UAAA,IAAc,SAAA;AAAA,IAChB;AACA,IAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAC3B,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,SAAA,EAAW,EAAA,EAAI,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,IAAA,CAAK,GAAA,IAAO,CAAA;AACtF,IAAA,GAAA,CAAI,CAAA,OAAA,EAAK,IAAI,CAAA,SAAA,EAAO,SAAA,CAAU,QAAQ,CAAC,CAAC,CAAA,aAAA,EAAa,UAAA,CAAW,QAAQ,CAAC,CAAC,CAAA,EAAA,EAAK,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAChG,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAEA,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,oBAAoB,MAAM,IAAA,CAAK,IAAI,CAAA,EAAG,KAAA,CAAM,YAAY,UAAU,CAAA;AACtE,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,cAAc,MAAM,WAAA;AACxB,EAAA,OAAO,GAAA;AACT","file":"agent.cjs","sourcesContent":["import type { X402Network } from './types.js'\n\nconst USDC_BY_NETWORK: Record<X402Network, `0x${string}`> = {\n base: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',\n 'base-sepolia': '0x036CbD53842c5426634e7929541eC2318f3dCF7e',\n ethereum: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48',\n optimism: '0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85',\n arbitrum: '0xaf88d065e77c8cC2239327C5EDb3A432268e5831',\n polygon: '0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359',\n}\n\nexport const USDC_DECIMALS = 6\n\n/** Returns the canonical USDC contract address for a supported network. */\nexport function usdcAddress(network: X402Network): `0x${string}` {\n return USDC_BY_NETWORK[network]\n}\n\n/**\n * Convert a human-friendly USD amount (e.g. \"0.01\") into atomic USDC units.\n * Fixed-point to avoid float drift — safer than Number math for payments.\n */\nexport function usdToAtomic(amount: string | number, decimals = USDC_DECIMALS): string {\n const str = typeof amount === 'number' ? amount.toString() : amount\n if (!/^\\d+(\\.\\d+)?$/.test(str)) {\n throw new Error(`Invalid amount: ${str}`)\n }\n const [whole, frac = ''] = str.split('.')\n const padded = frac.slice(0, decimals).padEnd(decimals, '0')\n return (BigInt(whole ?? '0') * 10n ** BigInt(decimals) + BigInt(padded || '0')).toString()\n}\n\nconst utf8Encoder = new TextEncoder()\nconst utf8Decoder = new TextDecoder()\n\n/** Base64 encode a JSON value — works in Node 18+ and browsers. */\nexport function encodePayment(value: unknown): string {\n const bytes = utf8Encoder.encode(JSON.stringify(value))\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64')\n }\n let binary = ''\n for (const byte of bytes) binary += String.fromCharCode(byte)\n return btoa(binary)\n}\n\n/** Base64 decode a payment header value back into JSON. */\nexport function decodePayment<T = unknown>(b64: string): T {\n let bytes: Uint8Array\n if (typeof Buffer !== 'undefined') {\n bytes = new Uint8Array(Buffer.from(b64, 'base64'))\n } else {\n const binary = atob(b64)\n bytes = new Uint8Array(binary.length)\n for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i)\n }\n return JSON.parse(utf8Decoder.decode(bytes)) as T\n}\n\n/** Generate a random 32-byte nonce as a 0x-prefixed hex string. */\nexport function randomNonce(): `0x${string}` {\n const bytes = new Uint8Array(32)\n globalThis.crypto.getRandomValues(bytes)\n return ('0x' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('')) as `0x${string}`\n}\n","import type { Address, Hex, WalletClient } from 'viem'\nimport type {\n ExactEvmPayload,\n PaymentEnvelopeV2,\n PaymentPayload,\n PaymentRequiredResponse,\n PaymentRequirement,\n X402Network,\n} from './types.js'\nimport { decodePayment, encodePayment, randomNonce } from './utils.js'\n\nexport interface ClientOptions {\n /** A viem WalletClient able to sign EIP-712 typed data. */\n wallet: WalletClient\n /** Underlying fetch to wrap (defaults to global fetch). */\n fetch?: typeof fetch\n /**\n * Hook called before signing. Return `false` to reject the payment.\n * Useful for showing a confirmation UI to the user.\n */\n onPaymentRequired?: (requirement: PaymentRequirement) => boolean | Promise<boolean>\n /** Only allow payments up to this atomic-units cap. Safety belt. */\n maxAmountAtomic?: bigint\n /** Restrict to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n}\n\n/**\n * Create a fetch wrapper that transparently handles x402 payments —\n * protocol v1 (\"base\" networks, `maxAmountRequired`, `X-PAYMENT` header)\n * and v2 (CAIP-2 networks, `amount`, `PAYMENT-SIGNATURE` envelope) alike.\n *\n * On a 402 response, it picks the cheapest acceptable requirement,\n * signs an EIP-3009 authorization with the provided wallet, and retries\n * the request with the version-appropriate payment header.\n *\n * @example\n * ```ts\n * const pay = createPaymentClient({ wallet })\n * const res = await pay('https://api.example.com/premium')\n * ```\n */\nexport function createPaymentClient(options: ClientOptions) {\n const baseFetch = options.fetch ?? globalThis.fetch.bind(globalThis)\n\n return async function payFetch(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n const first = await baseFetch(input, init)\n if (first.status !== 402) return first\n\n const requirements = await parsePaymentRequired(first)\n const requirement = selectRequirement(requirements.accepts ?? [], options)\n if (!requirement) {\n throw new PaymentError('No acceptable payment requirement matched client constraints', requirements)\n }\n\n if (options.onPaymentRequired) {\n const approved = await options.onPaymentRequired(requirement)\n if (!approved) throw new PaymentError('Payment rejected by user', requirements)\n }\n\n const payload = await signExactAuthorization(options.wallet, requirement)\n const header = buildPaymentHeader(requirements, requirement, payload)\n const headers = new Headers(init.headers)\n headers.set(header.name, header.value)\n\n return baseFetch(input, { ...init, headers })\n }\n}\n\nexport class PaymentError extends Error {\n readonly requirements?: PaymentRequiredResponse\n constructor(message: string, requirements?: PaymentRequiredResponse) {\n super(message)\n this.name = 'PaymentError'\n this.requirements = requirements\n }\n}\n\n/**\n * Atomic units owed for a requirement, version-agnostic: x402 v2 prices in\n * `amount`, v1 in `maxAmountRequired`. Returns null when absent or\n * unparseable (never throws — selection must be able to skip bad entries).\n */\nexport function requirementAtomicAmount(req: PaymentRequirement): bigint | null {\n const raw = req.amount ?? req.maxAmountRequired\n if (raw == null) return null\n try {\n return BigInt(raw)\n } catch {\n return null\n }\n}\n\nasync function parsePaymentRequired(res: Response): Promise<PaymentRequiredResponse> {\n try {\n return (await res.clone().json()) as PaymentRequiredResponse\n } catch {\n // v2 servers mirror the discovery document base64-encoded in the\n // `payment-required` response header — fall back to it for non-JSON bodies.\n const header = res.headers.get('payment-required')\n if (header) {\n try {\n return decodePayment<PaymentRequiredResponse>(header)\n } catch {\n /* fall through to the error below */\n }\n }\n throw new PaymentError('402 response did not contain a valid x402 discovery body')\n }\n}\n\nfunction selectRequirement(\n accepts: PaymentRequirement[],\n opts: ClientOptions,\n): PaymentRequirement | undefined {\n const priced = accepts\n .filter((a) => a.scheme === 'exact')\n // Only EVM networks this client can sign for (drops e.g. \"solana:…\").\n .filter((a) => chainIdForNetwork(a.network) !== null)\n .filter(\n (a) =>\n !opts.allowedNetworks ||\n opts.allowedNetworks.some((n) => chainIdForNetwork(n) === chainIdForNetwork(a.network)),\n )\n .map((a) => ({ req: a, amount: requirementAtomicAmount(a) }))\n .filter((e): e is { req: PaymentRequirement; amount: bigint } => e.amount !== null)\n .filter((e) => !opts.maxAmountAtomic || e.amount <= opts.maxAmountAtomic)\n\n return priced.sort((a, b) => (a.amount < b.amount ? -1 : 1))[0]?.req\n}\n\n/** Build the version-appropriate payment header for a signed authorization. */\nfunction buildPaymentHeader(\n challenge: PaymentRequiredResponse,\n requirement: PaymentRequirement,\n payload: ExactEvmPayload,\n): { name: string; value: string } {\n const version = challenge.x402Version ?? 1\n if (version >= 2) {\n const envelope: PaymentEnvelopeV2 = {\n x402Version: version,\n resource: challenge.resource,\n accepted: requirement,\n payload,\n extensions: challenge.extensions ?? {},\n }\n return { name: 'PAYMENT-SIGNATURE', value: encodePayment(envelope) }\n }\n const v1: PaymentPayload = {\n x402Version: 1,\n scheme: 'exact',\n network: requirement.network,\n payload,\n }\n return { name: 'X-PAYMENT', value: encodePayment(v1) }\n}\n\n/** Sign an EIP-3009 `TransferWithAuthorization` for the given requirement. */\nexport async function signExactAuthorization(\n wallet: WalletClient,\n requirement: PaymentRequirement,\n): Promise<ExactEvmPayload> {\n const account = wallet.account\n if (!account) throw new PaymentError('Wallet has no account attached')\n\n const value = requirementAtomicAmount(requirement)\n if (value === null) {\n throw new PaymentError('x402 requirement is missing a payment amount')\n }\n const chainId = chainIdForNetwork(requirement.network)\n if (chainId === null) {\n throw new PaymentError(`Unsupported x402 network: ${requirement.network}`)\n }\n\n const now = Math.floor(Date.now() / 1000)\n const validAfter = BigInt(now - 60)\n const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600))\n const nonce = randomNonce()\n\n const tokenName =\n (requirement.extra?.name as string | undefined) ?? 'USD Coin'\n const tokenVersion =\n (requirement.extra?.version as string | undefined) ?? '2'\n\n const signature = (await wallet.signTypedData({\n account,\n domain: {\n name: tokenName,\n version: tokenVersion,\n chainId,\n verifyingContract: requirement.asset,\n },\n types: {\n TransferWithAuthorization: [\n { name: 'from', type: 'address' },\n { name: 'to', type: 'address' },\n { name: 'value', type: 'uint256' },\n { name: 'validAfter', type: 'uint256' },\n { name: 'validBefore', type: 'uint256' },\n { name: 'nonce', type: 'bytes32' },\n ],\n },\n primaryType: 'TransferWithAuthorization',\n message: {\n from: account.address as Address,\n to: requirement.payTo,\n value,\n validAfter,\n validBefore,\n nonce,\n },\n })) as Hex\n\n return {\n signature,\n authorization: {\n from: account.address as Address,\n to: requirement.payTo,\n value: value.toString(),\n validAfter: validAfter.toString(),\n validBefore: validBefore.toString(),\n nonce,\n },\n }\n}\n\n/**\n * Sign a requirement into the x402 **v1** `X-PAYMENT` payload shape.\n * Kept for back-compat; `createPaymentClient` is version-aware internally.\n */\nexport async function signPayment(\n wallet: WalletClient,\n requirement: PaymentRequirement,\n): Promise<PaymentPayload> {\n return {\n x402Version: 1,\n scheme: 'exact',\n network: requirement.network,\n payload: await signExactAuthorization(wallet, requirement),\n }\n}\n\n/** Resolve a network to an EVM chain id — v1 friendly names and CAIP-2 ids. */\nfunction chainIdForNetwork(network: string): number | null {\n if (network.startsWith('eip155:')) {\n const id = Number(network.slice('eip155:'.length))\n return Number.isInteger(id) && id > 0 ? id : null\n }\n switch (network as X402Network) {\n case 'base':\n return 8453\n case 'base-sepolia':\n return 84532\n case 'ethereum':\n return 1\n case 'optimism':\n return 10\n case 'arbitrum':\n return 42161\n case 'polygon':\n return 137\n default:\n return null\n }\n}\n","/**\n * yeetful/agent — the \"agent expense account.\"\n *\n * Wrap your agent's HTTP calls in a single grant-aware `pay()`. Before any x402\n * payment is signed it enforces a spend grant — an allowlist of hosts plus\n * per-call / per-day / lifetime USD caps and an expiry — then pays via the\n * standard x402 client and emits a receipt for every call.\n *\n * One grant authorizes MANY endpoints (the allowlist). It's a guardrail for\n * your own agents (runaway loops, bugs, prompt-injected tool calls) and the\n * receipt feed behind budgets + audit. Enforcement here is local + instant;\n * for hard, adversarial guarantees back the grant with an on-chain Spend\n * Permission (the wallet contract caps spend regardless of this SDK).\n *\n * @example\n * ```ts\n * import { yeetful } from 'yeetful/agent'\n *\n * const pay = yeetful({\n * wallet, // viem WalletClient\n * grant: {\n * id: 'cmbq…', // hosted grant id (yeetful.com)\n * allow: ['tripadvisor.x402.paysponge.com', 'anthropic.yeetful.com'],\n * perCallUsd: 0.05,\n * perDayUsd: 2,\n * expiresAt: '2026-12-31',\n * },\n * apiKey: process.env.YEETFUL_API_KEY, // yf_… → receipts sync to your dashboard\n * onReceipt: (r) => console.log(r.host, r.amountUsd, r.txHash),\n * })\n *\n * const res = await pay('https://tripadvisor.x402.paysponge.com/api/v1/location/search?searchQuery=tokyo')\n * // throws GrantError on NOT_ALLOWED / OVER_PER_CALL / BUDGET_EXCEEDED / EXPIRED\n * ```\n */\n\nimport type { WalletClient } from 'viem'\nimport { createPaymentClient, PaymentError, requirementAtomicAmount } from './client.js'\nimport { decodePayment } from './utils.js'\nimport type { PaymentRequirement, SettleResult, X402Network } from './types.js'\n\nexport type GrantViolation =\n | 'EXPIRED'\n | 'REVOKED'\n | 'NOT_ALLOWED'\n | 'OVER_PER_CALL'\n | 'BUDGET_EXCEEDED'\n\nexport class GrantError extends Error {\n constructor(\n public code: GrantViolation,\n message: string,\n ) {\n super(message)\n this.name = 'GrantError'\n }\n}\n\n/** A scoped spend authorization (mirrors the hosted SpendGrant). */\nexport interface GrantPolicy {\n /** Optional id of the hosted grant this mirrors. */\n id?: string\n /** Exact hostnames this grant may pay (e.g. \"tripadvisor.x402.paysponge.com\"). */\n allow: string[]\n perCallUsd: number\n perDayUsd: number\n /** Optional lifetime cap across the life of this client instance. */\n totalUsd?: number | null\n /** Unix ms, ISO string, or Date. Omit for no expiry. */\n expiresAt?: number | string | Date\n /** 'active' | 'revoked'. Defaults to active. */\n status?: string\n}\n\n/** A single authorization decision — the audit trail + x402 receipt. */\nexport interface Receipt {\n host: string\n amountUsd: number\n ok: boolean\n txHash?: string\n /** \"settled\" on success, or the GrantViolation code on a denial. */\n note: string\n ts: number\n}\n\nexport interface AgentOptions {\n /** viem WalletClient that signs the EIP-3009 payment. */\n wallet: WalletClient\n /** The spend grant to enforce. */\n grant: GrantPolicy\n /** Underlying fetch (defaults to global fetch). */\n fetch?: typeof fetch\n /** Restrict payments to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n /** Called after every decision — wire this to your ledger / dashboard. */\n onReceipt?: (receipt: Receipt) => void | Promise<void>\n /** Human-readable progress logging. */\n onEvent?: (message: string) => void\n /**\n * Yeetful API key (`yf_…`, minted at yeetful.com while signed in). Together\n * with `grant.id` it turns on hosted-ledger sync: every receipt is POSTed to\n * `{ledgerUrl}/api/grants/{grant.id}/ledger` with Bearer auth, so the\n * dashboard's budgets/audit trail include this agent's calls. Sync is\n * best-effort and never blocks or fails a payment.\n */\n apiKey?: string\n /** Base URL of the hosted ledger. Defaults to https://yeetful.com. */\n ledgerUrl?: string\n}\n\nexport interface PayFn {\n (input: string | URL | Request, init?: RequestInit): Promise<Response>\n /** USD spent under this grant since UTC midnight (this client instance). */\n spentTodayUsd(): number\n /** USD remaining in today's budget. */\n remainingTodayUsd(): number\n /** USD spent over the life of this client instance. */\n spentTotalUsd(): number\n /**\n * Resolves once every hosted-ledger sync issued so far has settled (no-op\n * without `apiKey`). Await this before a short-lived script exits so the\n * last receipts aren't dropped with the process.\n */\n flushLedger(): Promise<void>\n}\n\nfunction expiryMs(expiresAt: GrantPolicy['expiresAt']): number {\n if (expiresAt == null) return Infinity\n if (expiresAt instanceof Date) return expiresAt.getTime()\n if (typeof expiresAt === 'number') return expiresAt\n const t = new Date(expiresAt).getTime()\n return Number.isNaN(t) ? Infinity : t\n}\n\nfunction utcDayIndex(ms: number): number {\n return Math.floor(ms / 86_400_000)\n}\n\nfunction hostOf(input: string | URL | Request): string {\n const url = typeof input === 'string' ? input : input instanceof URL ? input.href : input.url\n try {\n return new URL(url).host.toLowerCase()\n } catch {\n return ''\n }\n}\n\n/** Pull the settlement tx hash from the settle header, if present\n * (`PAYMENT-RESPONSE` on x402 v2, `X-PAYMENT-RESPONSE` on v1). */\nfunction txHashOf(res: Response): string | undefined {\n const header = res.headers.get('payment-response') ?? res.headers.get('x-payment-response')\n if (!header) return undefined\n try {\n return decodePayment<SettleResult>(header).transaction\n } catch {\n return undefined\n }\n}\n\n/**\n * Create a grant-aware paid `fetch`. Enforces the grant locally before signing\n * any x402 payment, pays with the wallet, and emits a receipt per call.\n */\nexport function yeetful(options: AgentOptions): PayFn {\n const { wallet, grant, onReceipt, onEvent } = options\n const log = onEvent ?? (() => {})\n\n let spentToday = 0\n let spentTotal = 0\n let dayIndex = utcDayIndex(Date.now())\n\n // ── Hosted-ledger sync (optional): receipts → POST /api/grants/:id/ledger ──\n const ledgerEndpoint =\n options.apiKey && grant.id\n ? `${(options.ledgerUrl ?? 'https://yeetful.com').replace(/\\/+$/, '')}/api/grants/${grant.id}/ledger`\n : null\n if (options.apiKey && !grant.id) {\n log('hosted-ledger sync disabled: grant.id is not set (use the id of your yeetful.com grant)')\n }\n // A chain (not fire-and-forget) so receipts land in order and flushLedger()\n // can await them; one failed POST is logged and never poisons the chain.\n let ledgerChain: Promise<void> = Promise.resolve()\n const ledgerFetch = options.fetch ?? globalThis.fetch\n const sync = (r: Receipt) => {\n if (!ledgerEndpoint) return\n ledgerChain = ledgerChain\n .then(async () => {\n const res = await ledgerFetch(ledgerEndpoint, {\n method: 'POST',\n headers: {\n 'content-type': 'application/json',\n authorization: `Bearer ${options.apiKey}`,\n },\n body: JSON.stringify({\n host: r.host,\n amountUsd: r.amountUsd,\n ok: r.ok,\n txHash: r.txHash,\n note: r.note,\n }),\n })\n if (!res.ok) log(`ledger sync → ${res.status} for ${r.host}`)\n })\n .catch((err) => {\n log(`ledger sync failed for ${r.host}: ${err instanceof Error ? err.message : err}`)\n })\n }\n\n const emit = (r: Receipt) => {\n sync(r)\n void Promise.resolve(onReceipt?.(r)).catch(() => {})\n }\n const deny = (host: string, code: GrantViolation, msg: string): never => {\n emit({ host, amountUsd: 0, ok: false, note: code, ts: Date.now() })\n log(`✗ ${host} — ${code}: ${msg}`)\n throw new GrantError(code, msg)\n }\n\n const pay = async function pay(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n // Roll the daily budget at UTC midnight.\n const today = utcDayIndex(Date.now())\n if (today !== dayIndex) {\n dayIndex = today\n spentToday = 0\n }\n\n const host = hostOf(input)\n\n // ── Pre-flight policy (no network): status → expiry → allowlist ─────────\n if ((grant.status ?? 'active') === 'revoked') deny(host, 'REVOKED', 'grant is revoked')\n if (Date.now() > expiryMs(grant.expiresAt)) deny(host, 'EXPIRED', 'grant has expired')\n if (!grant.allow.map((h) => h.toLowerCase()).includes(host)) {\n deny(host, 'NOT_ALLOWED', `${host} is not in this grant's allowlist`)\n }\n\n // Price is only known from the 402 challenge — check caps in the hook,\n // which runs after the challenge is parsed and before the payment is signed.\n let pricedUsd = 0\n const client = createPaymentClient({\n wallet,\n fetch: options.fetch,\n allowedNetworks: options.allowedNetworks,\n // Per-call enforcement lives in the hook (not maxAmountAtomic) so an\n // over-cap call surfaces a clean GrantError instead of a filtered no-match.\n onPaymentRequired: (req: PaymentRequirement) => {\n // Version-agnostic price (v2 `amount`, v1 `maxAmountRequired`).\n // Selection already dropped unpriced entries, so this can't be null.\n const price = Number(requirementAtomicAmount(req) ?? 0n) / 1e6\n if (price > grant.perCallUsd) {\n deny(host, 'OVER_PER_CALL', `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`)\n }\n if (spentToday + price > grant.perDayUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentToday + price).toFixed(2)} exceeds today's cap $${grant.perDayUsd}`)\n }\n if (grant.totalUsd != null && spentTotal + price > grant.totalUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentTotal + price).toFixed(2)} exceeds lifetime cap $${grant.totalUsd}`)\n }\n pricedUsd = price\n return true\n },\n })\n\n let res: Response\n try {\n res = await client(input, init)\n } catch (err) {\n if (err instanceof GrantError) throw err // already denied + receipted\n // A rejection from the underlying client (e.g. no acceptable requirement).\n const note = err instanceof PaymentError ? 'payment-failed' : 'error'\n emit({ host, amountUsd: 0, ok: false, note, ts: Date.now() })\n throw err\n }\n\n // Settled (or a free, non-402 call where pricedUsd stayed 0).\n if (pricedUsd > 0) {\n spentToday += pricedUsd\n spentTotal += pricedUsd\n }\n const txHash = txHashOf(res)\n emit({ host, amountUsd: pricedUsd, ok: true, txHash, note: 'settled', ts: Date.now() })\n log(`✓ ${host} — $${pricedUsd.toFixed(4)} · today $${spentToday.toFixed(2)}/$${grant.perDayUsd}`)\n return res\n } as PayFn\n\n pay.spentTodayUsd = () => spentToday\n pay.remainingTodayUsd = () => Math.max(0, grant.perDayUsd - spentToday)\n pay.spentTotalUsd = () => spentTotal\n pay.flushLedger = () => ledgerChain\n return pay\n}\n"]}
package/dist/agent.d.cts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { WalletClient } from 'viem';
2
- import { X as X402Network } from './types-DzGpKiV3.cjs';
2
+ import { X as X402Network } from './types-DgG0iIOB.cjs';
3
3
 
4
4
  /**
5
5
  * yeetful/agent — the "agent expense account."
@@ -22,11 +22,13 @@ import { X as X402Network } from './types-DzGpKiV3.cjs';
22
22
  * const pay = yeetful({
23
23
  * wallet, // viem WalletClient
24
24
  * grant: {
25
+ * id: 'cmbq…', // hosted grant id (yeetful.com)
25
26
  * allow: ['tripadvisor.x402.paysponge.com', 'anthropic.yeetful.com'],
26
27
  * perCallUsd: 0.05,
27
28
  * perDayUsd: 2,
28
29
  * expiresAt: '2026-12-31',
29
30
  * },
31
+ * apiKey: process.env.YEETFUL_API_KEY, // yf_… → receipts sync to your dashboard
30
32
  * onReceipt: (r) => console.log(r.host, r.amountUsd, r.txHash),
31
33
  * })
32
34
  *
@@ -78,6 +80,16 @@ interface AgentOptions {
78
80
  onReceipt?: (receipt: Receipt) => void | Promise<void>;
79
81
  /** Human-readable progress logging. */
80
82
  onEvent?: (message: string) => void;
83
+ /**
84
+ * Yeetful API key (`yf_…`, minted at yeetful.com while signed in). Together
85
+ * with `grant.id` it turns on hosted-ledger sync: every receipt is POSTed to
86
+ * `{ledgerUrl}/api/grants/{grant.id}/ledger` with Bearer auth, so the
87
+ * dashboard's budgets/audit trail include this agent's calls. Sync is
88
+ * best-effort and never blocks or fails a payment.
89
+ */
90
+ apiKey?: string;
91
+ /** Base URL of the hosted ledger. Defaults to https://yeetful.com. */
92
+ ledgerUrl?: string;
81
93
  }
82
94
  interface PayFn {
83
95
  (input: string | URL | Request, init?: RequestInit): Promise<Response>;
@@ -87,6 +99,12 @@ interface PayFn {
87
99
  remainingTodayUsd(): number;
88
100
  /** USD spent over the life of this client instance. */
89
101
  spentTotalUsd(): number;
102
+ /**
103
+ * Resolves once every hosted-ledger sync issued so far has settled (no-op
104
+ * without `apiKey`). Await this before a short-lived script exits so the
105
+ * last receipts aren't dropped with the process.
106
+ */
107
+ flushLedger(): Promise<void>;
90
108
  }
91
109
  /**
92
110
  * Create a grant-aware paid `fetch`. Enforces the grant locally before signing
package/dist/agent.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { WalletClient } from 'viem';
2
- import { X as X402Network } from './types-DzGpKiV3.js';
2
+ import { X as X402Network } from './types-DgG0iIOB.js';
3
3
 
4
4
  /**
5
5
  * yeetful/agent — the "agent expense account."
@@ -22,11 +22,13 @@ import { X as X402Network } from './types-DzGpKiV3.js';
22
22
  * const pay = yeetful({
23
23
  * wallet, // viem WalletClient
24
24
  * grant: {
25
+ * id: 'cmbq…', // hosted grant id (yeetful.com)
25
26
  * allow: ['tripadvisor.x402.paysponge.com', 'anthropic.yeetful.com'],
26
27
  * perCallUsd: 0.05,
27
28
  * perDayUsd: 2,
28
29
  * expiresAt: '2026-12-31',
29
30
  * },
31
+ * apiKey: process.env.YEETFUL_API_KEY, // yf_… → receipts sync to your dashboard
30
32
  * onReceipt: (r) => console.log(r.host, r.amountUsd, r.txHash),
31
33
  * })
32
34
  *
@@ -78,6 +80,16 @@ interface AgentOptions {
78
80
  onReceipt?: (receipt: Receipt) => void | Promise<void>;
79
81
  /** Human-readable progress logging. */
80
82
  onEvent?: (message: string) => void;
83
+ /**
84
+ * Yeetful API key (`yf_…`, minted at yeetful.com while signed in). Together
85
+ * with `grant.id` it turns on hosted-ledger sync: every receipt is POSTed to
86
+ * `{ledgerUrl}/api/grants/{grant.id}/ledger` with Bearer auth, so the
87
+ * dashboard's budgets/audit trail include this agent's calls. Sync is
88
+ * best-effort and never blocks or fails a payment.
89
+ */
90
+ apiKey?: string;
91
+ /** Base URL of the hosted ledger. Defaults to https://yeetful.com. */
92
+ ledgerUrl?: string;
81
93
  }
82
94
  interface PayFn {
83
95
  (input: string | URL | Request, init?: RequestInit): Promise<Response>;
@@ -87,6 +99,12 @@ interface PayFn {
87
99
  remainingTodayUsd(): number;
88
100
  /** USD spent over the life of this client instance. */
89
101
  spentTotalUsd(): number;
102
+ /**
103
+ * Resolves once every hosted-ledger sync issued so far has settled (no-op
104
+ * without `apiKey`). Await this before a short-lived script exits so the
105
+ * last receipts aren't dropped with the process.
106
+ */
107
+ flushLedger(): Promise<void>;
90
108
  }
91
109
  /**
92
110
  * Create a grant-aware paid `fetch`. Enforces the grant locally before signing