yeetful 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/CHANGELOG.md +20 -0
  2. package/dist/agent.cjs +71 -25
  3. package/dist/agent.cjs.map +1 -1
  4. package/dist/agent.d.cts +1 -1
  5. package/dist/agent.d.ts +1 -1
  6. package/dist/agent.js +71 -25
  7. package/dist/agent.js.map +1 -1
  8. package/dist/client.cjs +89 -22
  9. package/dist/client.cjs.map +1 -1
  10. package/dist/client.d.cts +17 -4
  11. package/dist/client.d.ts +17 -4
  12. package/dist/client.js +88 -23
  13. package/dist/client.js.map +1 -1
  14. package/dist/express.d.cts +1 -1
  15. package/dist/express.d.ts +1 -1
  16. package/dist/index.cjs +79 -23
  17. package/dist/index.cjs.map +1 -1
  18. package/dist/index.d.cts +3 -3
  19. package/dist/index.d.ts +3 -3
  20. package/dist/index.js +78 -24
  21. package/dist/index.js.map +1 -1
  22. package/dist/next.d.cts +1 -1
  23. package/dist/next.d.ts +1 -1
  24. package/dist/server.d.cts +1 -1
  25. package/dist/server.d.ts +1 -1
  26. package/dist/{types-DzGpKiV3.d.cts → types-DgG0iIOB.d.cts} +34 -10
  27. package/dist/{types-DzGpKiV3.d.ts → types-DgG0iIOB.d.ts} +34 -10
  28. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,25 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.3.1
4
+
5
+ - **Fix: x402 v2 challenges crashed the client** (`TypeError: Cannot convert
6
+ undefined to a BigInt`). Gateways that moved to protocol v2 — e.g.
7
+ TripAdvisor's paysponge gateway — price in `amount` (not v1's
8
+ `maxAmountRequired`), use CAIP-2 network ids (`eip155:8453`, not `base`),
9
+ and expect the payment back in a `PAYMENT-SIGNATURE` envelope (not
10
+ `X-PAYMENT`). The client now reads both protocol versions and replies in
11
+ the version the challenge declared; v1 behavior is unchanged.
12
+ - Requirement selection skips entries this client can't sign (non-EVM
13
+ networks such as `solana:…`, entries with no parseable amount) instead of
14
+ crashing; an unpayable challenge raises a clean `PaymentError` and the
15
+ agent receipts it as `payment-failed`.
16
+ - Settlement tx hashes are read from v2's `payment-response` header as well
17
+ as v1's `x-payment-response`; v2 discovery docs are also parsed from the
18
+ `payment-required` response header when the body isn't JSON.
19
+ - New exports: `requirementAtomicAmount()` (version-agnostic price reader),
20
+ `signExactAuthorization()` (bare EIP-3009 payload), and the
21
+ `PaymentEnvelopeV2` type.
22
+
3
23
  ## 0.3.0
4
24
 
5
25
  - **New: hosted-ledger sync.** `yeetful({ wallet, grant, apiKey, ledgerUrl? })` —
package/dist/agent.cjs CHANGED
@@ -36,7 +36,7 @@ function createPaymentClient(options) {
36
36
  const first = await baseFetch(input, init);
37
37
  if (first.status !== 402) return first;
38
38
  const requirements = await parsePaymentRequired(first);
39
- const requirement = selectRequirement(requirements.accepts, options);
39
+ const requirement = selectRequirement(requirements.accepts ?? [], options);
40
40
  if (!requirement) {
41
41
  throw new PaymentError("No acceptable payment requirement matched client constraints", requirements);
42
42
  }
@@ -44,9 +44,10 @@ function createPaymentClient(options) {
44
44
  const approved = await options.onPaymentRequired(requirement);
45
45
  if (!approved) throw new PaymentError("Payment rejected by user", requirements);
46
46
  }
47
- const payment = await signPayment(options.wallet, requirement);
47
+ const payload = await signExactAuthorization(options.wallet, requirement);
48
+ const header = buildPaymentHeader(requirements, requirement, payload);
48
49
  const headers = new Headers(init.headers);
49
- headers.set("X-PAYMENT", encodePayment(payment));
50
+ headers.set(header.name, header.value);
50
51
  return baseFetch(input, { ...init, headers });
51
52
  };
52
53
  }
@@ -58,22 +59,66 @@ var PaymentError = class extends Error {
58
59
  this.requirements = requirements;
59
60
  }
60
61
  };
62
+ function requirementAtomicAmount(req) {
63
+ const raw = req.amount ?? req.maxAmountRequired;
64
+ if (raw == null) return null;
65
+ try {
66
+ return BigInt(raw);
67
+ } catch {
68
+ return null;
69
+ }
70
+ }
61
71
  async function parsePaymentRequired(res) {
62
72
  try {
63
73
  return await res.clone().json();
64
74
  } catch {
75
+ const header = res.headers.get("payment-required");
76
+ if (header) {
77
+ try {
78
+ return decodePayment(header);
79
+ } catch {
80
+ }
81
+ }
65
82
  throw new PaymentError("402 response did not contain a valid x402 discovery body");
66
83
  }
67
84
  }
68
85
  function selectRequirement(accepts, opts) {
69
- const filtered = accepts.filter((a) => a.scheme === "exact").filter((a) => !opts.allowedNetworks || opts.allowedNetworks.includes(a.network)).filter((a) => !opts.maxAmountAtomic || BigInt(a.maxAmountRequired) <= opts.maxAmountAtomic);
70
- return filtered.sort(
71
- (a, b) => BigInt(a.maxAmountRequired) < BigInt(b.maxAmountRequired) ? -1 : 1
72
- )[0];
86
+ const priced = accepts.filter((a) => a.scheme === "exact").filter((a) => chainIdForNetwork(a.network) !== null).filter(
87
+ (a) => !opts.allowedNetworks || opts.allowedNetworks.some((n) => chainIdForNetwork(n) === chainIdForNetwork(a.network))
88
+ ).map((a) => ({ req: a, amount: requirementAtomicAmount(a) })).filter((e) => e.amount !== null).filter((e) => !opts.maxAmountAtomic || e.amount <= opts.maxAmountAtomic);
89
+ return priced.sort((a, b) => a.amount < b.amount ? -1 : 1)[0]?.req;
90
+ }
91
+ function buildPaymentHeader(challenge, requirement, payload) {
92
+ const version = challenge.x402Version ?? 1;
93
+ if (version >= 2) {
94
+ const envelope = {
95
+ x402Version: version,
96
+ resource: challenge.resource,
97
+ accepted: requirement,
98
+ payload,
99
+ extensions: challenge.extensions ?? {}
100
+ };
101
+ return { name: "PAYMENT-SIGNATURE", value: encodePayment(envelope) };
102
+ }
103
+ const v1 = {
104
+ x402Version: 1,
105
+ scheme: "exact",
106
+ network: requirement.network,
107
+ payload
108
+ };
109
+ return { name: "X-PAYMENT", value: encodePayment(v1) };
73
110
  }
74
- async function signPayment(wallet, requirement) {
111
+ async function signExactAuthorization(wallet, requirement) {
75
112
  const account = wallet.account;
76
113
  if (!account) throw new PaymentError("Wallet has no account attached");
114
+ const value = requirementAtomicAmount(requirement);
115
+ if (value === null) {
116
+ throw new PaymentError("x402 requirement is missing a payment amount");
117
+ }
118
+ const chainId = chainIdForNetwork(requirement.network);
119
+ if (chainId === null) {
120
+ throw new PaymentError(`Unsupported x402 network: ${requirement.network}`);
121
+ }
77
122
  const now = Math.floor(Date.now() / 1e3);
78
123
  const validAfter = BigInt(now - 60);
79
124
  const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600));
@@ -85,7 +130,7 @@ async function signPayment(wallet, requirement) {
85
130
  domain: {
86
131
  name: tokenName,
87
132
  version: tokenVersion,
88
- chainId: chainIdForNetwork(requirement.network),
133
+ chainId,
89
134
  verifyingContract: requirement.asset
90
135
  },
91
136
  types: {
@@ -102,30 +147,29 @@ async function signPayment(wallet, requirement) {
102
147
  message: {
103
148
  from: account.address,
104
149
  to: requirement.payTo,
105
- value: BigInt(requirement.maxAmountRequired),
150
+ value,
106
151
  validAfter,
107
152
  validBefore,
108
153
  nonce
109
154
  }
110
155
  });
111
156
  return {
112
- x402Version: 1,
113
- scheme: "exact",
114
- network: requirement.network,
115
- payload: {
116
- signature,
117
- authorization: {
118
- from: account.address,
119
- to: requirement.payTo,
120
- value: requirement.maxAmountRequired,
121
- validAfter: validAfter.toString(),
122
- validBefore: validBefore.toString(),
123
- nonce
124
- }
157
+ signature,
158
+ authorization: {
159
+ from: account.address,
160
+ to: requirement.payTo,
161
+ value: value.toString(),
162
+ validAfter: validAfter.toString(),
163
+ validBefore: validBefore.toString(),
164
+ nonce
125
165
  }
126
166
  };
127
167
  }
128
168
  function chainIdForNetwork(network) {
169
+ if (network.startsWith("eip155:")) {
170
+ const id = Number(network.slice("eip155:".length));
171
+ return Number.isInteger(id) && id > 0 ? id : null;
172
+ }
129
173
  switch (network) {
130
174
  case "base":
131
175
  return 8453;
@@ -139,6 +183,8 @@ function chainIdForNetwork(network) {
139
183
  return 42161;
140
184
  case "polygon":
141
185
  return 137;
186
+ default:
187
+ return null;
142
188
  }
143
189
  }
144
190
 
@@ -170,7 +216,7 @@ function hostOf(input) {
170
216
  }
171
217
  }
172
218
  function txHashOf(res) {
173
- const header = res.headers.get("x-payment-response");
219
+ const header = res.headers.get("payment-response") ?? res.headers.get("x-payment-response");
174
220
  if (!header) return void 0;
175
221
  try {
176
222
  return decodePayment(header).transaction;
@@ -243,7 +289,7 @@ function yeetful(options) {
243
289
  // Per-call enforcement lives in the hook (not maxAmountAtomic) so an
244
290
  // over-cap call surfaces a clean GrantError instead of a filtered no-match.
245
291
  onPaymentRequired: (req) => {
246
- const price = Number(req.maxAmountRequired) / 1e6;
292
+ const price = Number(requirementAtomicAmount(req) ?? 0n) / 1e6;
247
293
  if (price > grant.perCallUsd) {
248
294
  deny(host, "OVER_PER_CALL", `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`);
249
295
  }
package/dist/agent.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/utils.ts","../src/client.ts","../src/agent.ts"],"names":["pay"],"mappings":";;;AAgCA,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AACpC,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AAG7B,SAAS,cAAc,KAAA,EAAwB;AACpD,EAAA,MAAM,QAAQ,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,MAAW,IAAA,IAAQ,KAAA,EAAO,MAAA,IAAU,MAAA,CAAO,aAAa,IAAI,CAAA;AAC5D,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AAGO,SAAS,cAA2B,GAAA,EAAgB;AACzD,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,QAAQ,CAAC,CAAA;AAAA,EACnD,CAAA,MAAO;AACL,IAAA,MAAM,MAAA,GAAS,KAAK,GAAG,CAAA;AACvB,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AACpC,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,MAAA,EAAQ,CAAA,EAAA,EAAK,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EACxE;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AAC7C;AAGO,SAAS,WAAA,GAA6B;AAC3C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,EAAA,OAAQ,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAClF;;;AC1BO,SAAS,oBAAoB,OAAA,EAAwB;AAC1D,EAAA,MAAM,YAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA,CAAM,KAAK,UAAU,CAAA;AAEnE,EAAA,OAAO,eAAe,QAAA,CACpB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AACnB,IAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,CAAU,KAAA,EAAO,IAAI,CAAA;AACzC,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,GAAA,EAAK,OAAO,KAAA;AAEjC,IAAA,MAAM,YAAA,GAAe,MAAM,oBAAA,CAAqB,KAAK,CAAA;AACrD,IAAA,MAAM,WAAA,GAAc,iBAAA,CAAkB,YAAA,CAAa,OAAA,EAAS,OAAO,CAAA;AACnE,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,YAAA,CAAa,8DAAA,EAAgE,YAAY,CAAA;AAAA,IACrG;AAEA,IAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,iBAAA,CAAkB,WAAW,CAAA;AAC5D,MAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,YAAA,CAAa,4BAA4B,YAAY,CAAA;AAAA,IAChF;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,WAAA,CAAY,OAAA,CAAQ,QAAQ,WAAW,CAAA;AAC7D,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA;AACxC,IAAA,OAAA,CAAQ,GAAA,CAAI,WAAA,EAAa,aAAA,CAAc,OAAO,CAAC,CAAA;AAE/C,IAAA,OAAO,UAAU,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AAAA,EAC9C,CAAA;AACF;AAEO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAC7B,YAAA;AAAA,EACT,WAAA,CAAY,SAAiB,YAAA,EAAwC;AACnE,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AACF,CAAA;AAEA,eAAe,qBAAqB,GAAA,EAAiD;AACnF,EAAA,IAAI;AACF,IAAA,OAAQ,MAAM,GAAA,CAAI,KAAA,EAAM,CAAE,IAAA,EAAK;AAAA,EACjC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAa,0DAA0D,CAAA;AAAA,EACnF;AACF;AAEA,SAAS,iBAAA,CACP,SACA,IAAA,EACgC;AAChC,EAAA,MAAM,QAAA,GAAW,OAAA,CACd,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,OAAO,CAAA,CAClC,MAAA,CAAO,CAAC,CAAA,KAAM,CAAC,KAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,QAAA,CAAS,CAAA,CAAE,OAAO,CAAC,CAAA,CAC/E,OAAO,CAAC,CAAA,KAAM,CAAC,IAAA,CAAK,mBAAmB,MAAA,CAAO,CAAA,CAAE,iBAAiB,CAAA,IAAK,KAAK,eAAe,CAAA;AAE7F,EAAA,OAAO,QAAA,CAAS,IAAA;AAAA,IAAK,CAAC,CAAA,EAAG,CAAA,KACvB,MAAA,CAAO,CAAA,CAAE,iBAAiB,CAAA,GAAI,MAAA,CAAO,CAAA,CAAE,iBAAiB,CAAA,GAAI,EAAA,GAAK;AAAA,IACjE,CAAC,CAAA;AACL;AAGA,eAAsB,WAAA,CACpB,QACA,WAAA,EACyB;AACzB,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AACvB,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,aAAa,gCAAgC,CAAA;AAErE,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,GAAM,EAAE,CAAA;AAClC,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,GAAA,IAAO,WAAA,CAAY,qBAAqB,GAAA,CAAI,CAAA;AACvE,EAAA,MAAM,QAAQ,WAAA,EAAY;AAE1B,EAAA,MAAM,SAAA,GACH,WAAA,CAAY,KAAA,EAAO,IAAA,IAA+B,UAAA;AACrD,EAAA,MAAM,YAAA,GACH,WAAA,CAAY,KAAA,EAAO,OAAA,IAAkC,GAAA;AAExD,EAAA,MAAM,SAAA,GAAa,MAAM,MAAA,CAAO,aAAA,CAAc;AAAA,IAC5C,OAAA;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,SAAA;AAAA,MACN,OAAA,EAAS,YAAA;AAAA,MACT,OAAA,EAAS,iBAAA,CAAkB,WAAA,CAAY,OAAO,CAAA;AAAA,MAC9C,mBAAmB,WAAA,CAAY;AAAA,KACjC;AAAA,IACA,KAAA,EAAO;AAAA,MACL,yBAAA,EAA2B;AAAA,QACzB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,QAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,QAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,QACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,QACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,QACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AACnC,KACF;AAAA,IACA,WAAA,EAAa,2BAAA;AAAA,IACb,OAAA,EAAS;AAAA,MACP,MAAM,OAAA,CAAQ,OAAA;AAAA,MACd,IAAI,WAAA,CAAY,KAAA;AAAA,MAChB,KAAA,EAAO,MAAA,CAAO,WAAA,CAAY,iBAAiB,CAAA;AAAA,MAC3C,UAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA;AACF,GACD,CAAA;AAED,EAAA,OAAO;AAAA,IACL,WAAA,EAAa,CAAA;AAAA,IACb,MAAA,EAAQ,OAAA;AAAA,IACR,SAAS,WAAA,CAAY,OAAA;AAAA,IACrB,OAAA,EAAS;AAAA,MACP,SAAA;AAAA,MACA,aAAA,EAAe;AAAA,QACb,MAAM,OAAA,CAAQ,OAAA;AAAA,QACd,IAAI,WAAA,CAAY,KAAA;AAAA,QAChB,OAAO,WAAA,CAAY,iBAAA;AAAA,QACnB,UAAA,EAAY,WAAW,QAAA,EAAS;AAAA,QAChC,WAAA,EAAa,YAAY,QAAA,EAAS;AAAA,QAClC;AAAA;AACF;AACF,GACF;AACF;AAEA,SAAS,kBAAkB,OAAA,EAA8B;AACvD,EAAA,QAAQ,OAAA;AAAS,IACf,KAAK,MAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,CAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,EAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,GAAA;AAAA;AAEb;;;AClIO,IAAM,UAAA,GAAN,cAAyB,KAAA,CAAM;AAAA,EACpC,WAAA,CACS,MACP,OAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAIP,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AAAA,EACd;AAAA,EALS,IAAA;AAMX;AAsEA,SAAS,SAAS,SAAA,EAA6C;AAC7D,EAAA,IAAI,SAAA,IAAa,MAAM,OAAO,QAAA;AAC9B,EAAA,IAAI,SAAA,YAAqB,IAAA,EAAM,OAAO,SAAA,CAAU,OAAA,EAAQ;AACxD,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,EAAU,OAAO,SAAA;AAC1C,EAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACtC,EAAA,OAAO,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,GAAW,CAAA;AACtC;AAEA,SAAS,YAAY,EAAA,EAAoB;AACvC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,KAAU,CAAA;AACnC;AAEA,SAAS,OAAO,KAAA,EAAuC;AACrD,EAAA,MAAM,GAAA,GAAM,OAAO,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,YAAiB,GAAA,GAAM,KAAA,CAAM,IAAA,GAAO,KAAA,CAAM,GAAA;AAC1F,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,GAAA,CAAI,GAAG,CAAA,CAAE,KAAK,WAAA,EAAY;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAA;AAAA,EACT;AACF;AAGA,SAAS,SAAS,GAAA,EAAmC;AACnD,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA;AACnD,EAAA,IAAI,CAAC,QAAQ,OAAO,MAAA;AACpB,EAAA,IAAI;AACF,IAAA,OAAO,aAAA,CAA4B,MAAM,CAAA,CAAE,WAAA;AAAA,EAC7C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAMO,SAAS,QAAQ,OAAA,EAA8B;AACpD,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,SAAQ,GAAI,OAAA;AAC9C,EAAA,MAAM,GAAA,GAAM,YAAY,MAAM;AAAA,EAAC,CAAA,CAAA;AAE/B,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,QAAA,GAAW,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AAGrC,EAAA,MAAM,iBACJ,OAAA,CAAQ,MAAA,IAAU,KAAA,CAAM,EAAA,GACpB,IAAI,OAAA,CAAQ,SAAA,IAAa,qBAAA,EAAuB,OAAA,CAAQ,QAAQ,EAAE,CAAC,CAAA,YAAA,EAAe,KAAA,CAAM,EAAE,CAAA,OAAA,CAAA,GAC1F,IAAA;AACN,EAAA,IAAI,OAAA,CAAQ,MAAA,IAAU,CAAC,KAAA,CAAM,EAAA,EAAI;AAC/B,IAAA,GAAA,CAAI,yFAAyF,CAAA;AAAA,EAC/F;AAGA,EAAA,IAAI,WAAA,GAA6B,QAAQ,OAAA,EAAQ;AACjD,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAChD,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,IAAI,CAAC,cAAA,EAAgB;AACrB,IAAA,WAAA,GAAc,WAAA,CACX,KAAK,YAAY;AAChB,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAY,cAAA,EAAgB;AAAA,QAC5C,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,CAAA,OAAA,EAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,SACzC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,MAAM,CAAA,CAAE,IAAA;AAAA,UACR,WAAW,CAAA,CAAE,SAAA;AAAA,UACb,IAAI,CAAA,CAAE,EAAA;AAAA,UACN,QAAQ,CAAA,CAAE,MAAA;AAAA,UACV,MAAM,CAAA,CAAE;AAAA,SACT;AAAA,OACF,CAAA;AACD,MAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,GAAA,CAAI,CAAA,mBAAA,EAAiB,IAAI,MAAM,CAAA,KAAA,EAAQ,CAAA,CAAE,IAAI,CAAA,CAAE,CAAA;AAAA,IAC9D,CAAC,CAAA,CACA,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,GAAA,CAAI,CAAA,uBAAA,EAA0B,EAAE,IAAI,CAAA,EAAA,EAAK,eAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,GAAG,CAAA,CAAE,CAAA;AAAA,IACrF,CAAC,CAAA;AAAA,EACL,CAAA;AAEA,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,IAAA,CAAK,CAAC,CAAA;AACN,IAAA,KAAK,QAAQ,OAAA,CAAQ,SAAA,GAAY,CAAC,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACrD,CAAA;AACA,EAAA,MAAM,IAAA,GAAO,CAAC,IAAA,EAAc,IAAA,EAAsB,GAAA,KAAuB;AACvE,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAClE,IAAA,GAAA,CAAI,UAAK,IAAI,CAAA,QAAA,EAAM,IAAI,CAAA,EAAA,EAAK,GAAG,CAAA,CAAE,CAAA;AACjC,IAAA,MAAM,IAAI,UAAA,CAAW,IAAA,EAAM,GAAG,CAAA;AAAA,EAChC,CAAA;AAEA,EAAA,MAAM,MAAM,eAAeA,IAAAA,CACzB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AAEnB,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AACpC,IAAA,IAAI,UAAU,QAAA,EAAU;AACtB,MAAA,QAAA,GAAW,KAAA;AACX,MAAA,UAAA,GAAa,CAAA;AAAA,IACf;AAEA,IAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AAGzB,IAAA,IAAA,CAAK,MAAM,MAAA,IAAU,QAAA,MAAc,WAAW,IAAA,CAAK,IAAA,EAAM,WAAW,kBAAkB,CAAA;AACtF,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG,IAAA,CAAK,IAAA,EAAM,SAAA,EAAW,mBAAmB,CAAA;AACrF,IAAA,IAAI,CAAC,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA,EAAG;AAC3D,MAAA,IAAA,CAAK,IAAA,EAAM,aAAA,EAAe,CAAA,EAAG,IAAI,CAAA,iCAAA,CAAmC,CAAA;AAAA,IACtE;AAIA,IAAA,IAAI,SAAA,GAAY,CAAA;AAChB,IAAA,MAAM,SAAS,mBAAA,CAAoB;AAAA,MACjC,MAAA;AAAA,MACA,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,iBAAiB,OAAA,CAAQ,eAAA;AAAA;AAAA;AAAA,MAGzB,iBAAA,EAAmB,CAAC,GAAA,KAA4B;AAC9C,QAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA,GAAI,GAAA;AAC9C,QAAA,IAAI,KAAA,GAAQ,MAAM,UAAA,EAAY;AAC5B,UAAA,IAAA,CAAK,IAAA,EAAM,eAAA,EAAiB,CAAA,CAAA,EAAI,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,UAAU,CAAA,CAAE,CAAA;AAAA,QAC9F;AACA,QAAA,IAAI,UAAA,GAAa,KAAA,GAAQ,KAAA,CAAM,SAAA,EAAW;AACxC,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,sBAAA,EAAyB,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,IAAI,MAAM,QAAA,IAAY,IAAA,IAAQ,UAAA,GAAa,KAAA,GAAQ,MAAM,QAAA,EAAU;AACjE,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,QAAQ,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,SAAA,GAAY,KAAA;AACZ,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,KACD,CAAA;AAED,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,EAAO,IAAI,CAAA;AAAA,IAChC,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,GAAA,YAAe,YAAY,MAAM,GAAA;AAErC,MAAA,MAAM,IAAA,GAAO,GAAA,YAAe,YAAA,GAAe,gBAAA,GAAmB,OAAA;AAC9D,MAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAC5D,MAAA,MAAM,GAAA;AAAA,IACR;AAGA,IAAA,IAAI,YAAY,CAAA,EAAG;AACjB,MAAA,UAAA,IAAc,SAAA;AACd,MAAA,UAAA,IAAc,SAAA;AAAA,IAChB;AACA,IAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAC3B,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,SAAA,EAAW,EAAA,EAAI,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,IAAA,CAAK,GAAA,IAAO,CAAA;AACtF,IAAA,GAAA,CAAI,CAAA,OAAA,EAAK,IAAI,CAAA,SAAA,EAAO,SAAA,CAAU,QAAQ,CAAC,CAAC,CAAA,aAAA,EAAa,UAAA,CAAW,QAAQ,CAAC,CAAC,CAAA,EAAA,EAAK,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAChG,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAEA,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,oBAAoB,MAAM,IAAA,CAAK,IAAI,CAAA,EAAG,KAAA,CAAM,YAAY,UAAU,CAAA;AACtE,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,cAAc,MAAM,WAAA;AACxB,EAAA,OAAO,GAAA;AACT","file":"agent.cjs","sourcesContent":["import type { X402Network } from './types.js'\n\nconst USDC_BY_NETWORK: Record<X402Network, `0x${string}`> = {\n base: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',\n 'base-sepolia': '0x036CbD53842c5426634e7929541eC2318f3dCF7e',\n ethereum: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48',\n optimism: '0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85',\n arbitrum: '0xaf88d065e77c8cC2239327C5EDb3A432268e5831',\n polygon: '0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359',\n}\n\nexport const USDC_DECIMALS = 6\n\n/** Returns the canonical USDC contract address for a supported network. */\nexport function usdcAddress(network: X402Network): `0x${string}` {\n return USDC_BY_NETWORK[network]\n}\n\n/**\n * Convert a human-friendly USD amount (e.g. \"0.01\") into atomic USDC units.\n * Fixed-point to avoid float drift — safer than Number math for payments.\n */\nexport function usdToAtomic(amount: string | number, decimals = USDC_DECIMALS): string {\n const str = typeof amount === 'number' ? amount.toString() : amount\n if (!/^\\d+(\\.\\d+)?$/.test(str)) {\n throw new Error(`Invalid amount: ${str}`)\n }\n const [whole, frac = ''] = str.split('.')\n const padded = frac.slice(0, decimals).padEnd(decimals, '0')\n return (BigInt(whole ?? '0') * 10n ** BigInt(decimals) + BigInt(padded || '0')).toString()\n}\n\nconst utf8Encoder = new TextEncoder()\nconst utf8Decoder = new TextDecoder()\n\n/** Base64 encode a JSON value — works in Node 18+ and browsers. */\nexport function encodePayment(value: unknown): string {\n const bytes = utf8Encoder.encode(JSON.stringify(value))\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64')\n }\n let binary = ''\n for (const byte of bytes) binary += String.fromCharCode(byte)\n return btoa(binary)\n}\n\n/** Base64 decode a payment header value back into JSON. */\nexport function decodePayment<T = unknown>(b64: string): T {\n let bytes: Uint8Array\n if (typeof Buffer !== 'undefined') {\n bytes = new Uint8Array(Buffer.from(b64, 'base64'))\n } else {\n const binary = atob(b64)\n bytes = new Uint8Array(binary.length)\n for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i)\n }\n return JSON.parse(utf8Decoder.decode(bytes)) as T\n}\n\n/** Generate a random 32-byte nonce as a 0x-prefixed hex string. */\nexport function randomNonce(): `0x${string}` {\n const bytes = new Uint8Array(32)\n globalThis.crypto.getRandomValues(bytes)\n return ('0x' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('')) as `0x${string}`\n}\n","import type { Address, Hex, WalletClient } from 'viem'\nimport type {\n PaymentPayload,\n PaymentRequiredResponse,\n PaymentRequirement,\n X402Network,\n} from './types.js'\nimport { encodePayment, randomNonce } from './utils.js'\n\nexport interface ClientOptions {\n /** A viem WalletClient able to sign EIP-712 typed data. */\n wallet: WalletClient\n /** Underlying fetch to wrap (defaults to global fetch). */\n fetch?: typeof fetch\n /**\n * Hook called before signing. Return `false` to reject the payment.\n * Useful for showing a confirmation UI to the user.\n */\n onPaymentRequired?: (requirement: PaymentRequirement) => boolean | Promise<boolean>\n /** Only allow payments up to this atomic-units cap. Safety belt. */\n maxAmountAtomic?: bigint\n /** Restrict to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n}\n\n/**\n * Create a fetch wrapper that transparently handles x402 payments.\n *\n * On a 402 response, it picks the cheapest acceptable requirement,\n * signs an EIP-3009 authorization with the provided wallet, and retries\n * the request with an `X-PAYMENT` header.\n *\n * @example\n * ```ts\n * const pay = createPaymentClient({ wallet })\n * const res = await pay('https://api.example.com/premium')\n * ```\n */\nexport function createPaymentClient(options: ClientOptions) {\n const baseFetch = options.fetch ?? globalThis.fetch.bind(globalThis)\n\n return async function payFetch(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n const first = await baseFetch(input, init)\n if (first.status !== 402) return first\n\n const requirements = await parsePaymentRequired(first)\n const requirement = selectRequirement(requirements.accepts, options)\n if (!requirement) {\n throw new PaymentError('No acceptable payment requirement matched client constraints', requirements)\n }\n\n if (options.onPaymentRequired) {\n const approved = await options.onPaymentRequired(requirement)\n if (!approved) throw new PaymentError('Payment rejected by user', requirements)\n }\n\n const payment = await signPayment(options.wallet, requirement)\n const headers = new Headers(init.headers)\n headers.set('X-PAYMENT', encodePayment(payment))\n\n return baseFetch(input, { ...init, headers })\n }\n}\n\nexport class PaymentError extends Error {\n readonly requirements?: PaymentRequiredResponse\n constructor(message: string, requirements?: PaymentRequiredResponse) {\n super(message)\n this.name = 'PaymentError'\n this.requirements = requirements\n }\n}\n\nasync function parsePaymentRequired(res: Response): Promise<PaymentRequiredResponse> {\n try {\n return (await res.clone().json()) as PaymentRequiredResponse\n } catch {\n throw new PaymentError('402 response did not contain a valid x402 discovery body')\n }\n}\n\nfunction selectRequirement(\n accepts: PaymentRequirement[],\n opts: ClientOptions,\n): PaymentRequirement | undefined {\n const filtered = accepts\n .filter((a) => a.scheme === 'exact')\n .filter((a) => !opts.allowedNetworks || opts.allowedNetworks.includes(a.network))\n .filter((a) => !opts.maxAmountAtomic || BigInt(a.maxAmountRequired) <= opts.maxAmountAtomic)\n\n return filtered.sort((a, b) =>\n BigInt(a.maxAmountRequired) < BigInt(b.maxAmountRequired) ? -1 : 1,\n )[0]\n}\n\n/** Sign an EIP-3009 `TransferWithAuthorization` for the given requirement. */\nexport async function signPayment(\n wallet: WalletClient,\n requirement: PaymentRequirement,\n): Promise<PaymentPayload> {\n const account = wallet.account\n if (!account) throw new PaymentError('Wallet has no account attached')\n\n const now = Math.floor(Date.now() / 1000)\n const validAfter = BigInt(now - 60)\n const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600))\n const nonce = randomNonce()\n\n const tokenName =\n (requirement.extra?.name as string | undefined) ?? 'USD Coin'\n const tokenVersion =\n (requirement.extra?.version as string | undefined) ?? '2'\n\n const signature = (await wallet.signTypedData({\n account,\n domain: {\n name: tokenName,\n version: tokenVersion,\n chainId: chainIdForNetwork(requirement.network),\n verifyingContract: requirement.asset,\n },\n types: {\n TransferWithAuthorization: [\n { name: 'from', type: 'address' },\n { name: 'to', type: 'address' },\n { name: 'value', type: 'uint256' },\n { name: 'validAfter', type: 'uint256' },\n { name: 'validBefore', type: 'uint256' },\n { name: 'nonce', type: 'bytes32' },\n ],\n },\n primaryType: 'TransferWithAuthorization',\n message: {\n from: account.address as Address,\n to: requirement.payTo,\n value: BigInt(requirement.maxAmountRequired),\n validAfter,\n validBefore,\n nonce,\n },\n })) as Hex\n\n return {\n x402Version: 1,\n scheme: 'exact',\n network: requirement.network,\n payload: {\n signature,\n authorization: {\n from: account.address as Address,\n to: requirement.payTo,\n value: requirement.maxAmountRequired,\n validAfter: validAfter.toString(),\n validBefore: validBefore.toString(),\n nonce,\n },\n },\n }\n}\n\nfunction chainIdForNetwork(network: X402Network): number {\n switch (network) {\n case 'base':\n return 8453\n case 'base-sepolia':\n return 84532\n case 'ethereum':\n return 1\n case 'optimism':\n return 10\n case 'arbitrum':\n return 42161\n case 'polygon':\n return 137\n }\n}\n","/**\n * yeetful/agent — the \"agent expense account.\"\n *\n * Wrap your agent's HTTP calls in a single grant-aware `pay()`. Before any x402\n * payment is signed it enforces a spend grant — an allowlist of hosts plus\n * per-call / per-day / lifetime USD caps and an expiry — then pays via the\n * standard x402 client and emits a receipt for every call.\n *\n * One grant authorizes MANY endpoints (the allowlist). It's a guardrail for\n * your own agents (runaway loops, bugs, prompt-injected tool calls) and the\n * receipt feed behind budgets + audit. Enforcement here is local + instant;\n * for hard, adversarial guarantees back the grant with an on-chain Spend\n * Permission (the wallet contract caps spend regardless of this SDK).\n *\n * @example\n * ```ts\n * import { yeetful } from 'yeetful/agent'\n *\n * const pay = yeetful({\n * wallet, // viem WalletClient\n * grant: {\n * id: 'cmbq…', // hosted grant id (yeetful.com)\n * allow: ['tripadvisor.x402.paysponge.com', 'anthropic.yeetful.com'],\n * perCallUsd: 0.05,\n * perDayUsd: 2,\n * expiresAt: '2026-12-31',\n * },\n * apiKey: process.env.YEETFUL_API_KEY, // yf_… → receipts sync to your dashboard\n * onReceipt: (r) => console.log(r.host, r.amountUsd, r.txHash),\n * })\n *\n * const res = await pay('https://tripadvisor.x402.paysponge.com/api/v1/location/search?searchQuery=tokyo')\n * // throws GrantError on NOT_ALLOWED / OVER_PER_CALL / BUDGET_EXCEEDED / EXPIRED\n * ```\n */\n\nimport type { WalletClient } from 'viem'\nimport { createPaymentClient, PaymentError } from './client.js'\nimport { decodePayment } from './utils.js'\nimport type { PaymentRequirement, SettleResult, X402Network } from './types.js'\n\nexport type GrantViolation =\n | 'EXPIRED'\n | 'REVOKED'\n | 'NOT_ALLOWED'\n | 'OVER_PER_CALL'\n | 'BUDGET_EXCEEDED'\n\nexport class GrantError extends Error {\n constructor(\n public code: GrantViolation,\n message: string,\n ) {\n super(message)\n this.name = 'GrantError'\n }\n}\n\n/** A scoped spend authorization (mirrors the hosted SpendGrant). */\nexport interface GrantPolicy {\n /** Optional id of the hosted grant this mirrors. */\n id?: string\n /** Exact hostnames this grant may pay (e.g. \"tripadvisor.x402.paysponge.com\"). */\n allow: string[]\n perCallUsd: number\n perDayUsd: number\n /** Optional lifetime cap across the life of this client instance. */\n totalUsd?: number | null\n /** Unix ms, ISO string, or Date. Omit for no expiry. */\n expiresAt?: number | string | Date\n /** 'active' | 'revoked'. Defaults to active. */\n status?: string\n}\n\n/** A single authorization decision — the audit trail + x402 receipt. */\nexport interface Receipt {\n host: string\n amountUsd: number\n ok: boolean\n txHash?: string\n /** \"settled\" on success, or the GrantViolation code on a denial. */\n note: string\n ts: number\n}\n\nexport interface AgentOptions {\n /** viem WalletClient that signs the EIP-3009 payment. */\n wallet: WalletClient\n /** The spend grant to enforce. */\n grant: GrantPolicy\n /** Underlying fetch (defaults to global fetch). */\n fetch?: typeof fetch\n /** Restrict payments to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n /** Called after every decision — wire this to your ledger / dashboard. */\n onReceipt?: (receipt: Receipt) => void | Promise<void>\n /** Human-readable progress logging. */\n onEvent?: (message: string) => void\n /**\n * Yeetful API key (`yf_…`, minted at yeetful.com while signed in). Together\n * with `grant.id` it turns on hosted-ledger sync: every receipt is POSTed to\n * `{ledgerUrl}/api/grants/{grant.id}/ledger` with Bearer auth, so the\n * dashboard's budgets/audit trail include this agent's calls. Sync is\n * best-effort and never blocks or fails a payment.\n */\n apiKey?: string\n /** Base URL of the hosted ledger. Defaults to https://yeetful.com. */\n ledgerUrl?: string\n}\n\nexport interface PayFn {\n (input: string | URL | Request, init?: RequestInit): Promise<Response>\n /** USD spent under this grant since UTC midnight (this client instance). */\n spentTodayUsd(): number\n /** USD remaining in today's budget. */\n remainingTodayUsd(): number\n /** USD spent over the life of this client instance. */\n spentTotalUsd(): number\n /**\n * Resolves once every hosted-ledger sync issued so far has settled (no-op\n * without `apiKey`). Await this before a short-lived script exits so the\n * last receipts aren't dropped with the process.\n */\n flushLedger(): Promise<void>\n}\n\nfunction expiryMs(expiresAt: GrantPolicy['expiresAt']): number {\n if (expiresAt == null) return Infinity\n if (expiresAt instanceof Date) return expiresAt.getTime()\n if (typeof expiresAt === 'number') return expiresAt\n const t = new Date(expiresAt).getTime()\n return Number.isNaN(t) ? Infinity : t\n}\n\nfunction utcDayIndex(ms: number): number {\n return Math.floor(ms / 86_400_000)\n}\n\nfunction hostOf(input: string | URL | Request): string {\n const url = typeof input === 'string' ? input : input instanceof URL ? input.href : input.url\n try {\n return new URL(url).host.toLowerCase()\n } catch {\n return ''\n }\n}\n\n/** Pull the settlement tx hash from the X-PAYMENT-RESPONSE header, if present. */\nfunction txHashOf(res: Response): string | undefined {\n const header = res.headers.get('x-payment-response')\n if (!header) return undefined\n try {\n return decodePayment<SettleResult>(header).transaction\n } catch {\n return undefined\n }\n}\n\n/**\n * Create a grant-aware paid `fetch`. Enforces the grant locally before signing\n * any x402 payment, pays with the wallet, and emits a receipt per call.\n */\nexport function yeetful(options: AgentOptions): PayFn {\n const { wallet, grant, onReceipt, onEvent } = options\n const log = onEvent ?? (() => {})\n\n let spentToday = 0\n let spentTotal = 0\n let dayIndex = utcDayIndex(Date.now())\n\n // ── Hosted-ledger sync (optional): receipts → POST /api/grants/:id/ledger ──\n const ledgerEndpoint =\n options.apiKey && grant.id\n ? `${(options.ledgerUrl ?? 'https://yeetful.com').replace(/\\/+$/, '')}/api/grants/${grant.id}/ledger`\n : null\n if (options.apiKey && !grant.id) {\n log('hosted-ledger sync disabled: grant.id is not set (use the id of your yeetful.com grant)')\n }\n // A chain (not fire-and-forget) so receipts land in order and flushLedger()\n // can await them; one failed POST is logged and never poisons the chain.\n let ledgerChain: Promise<void> = Promise.resolve()\n const ledgerFetch = options.fetch ?? globalThis.fetch\n const sync = (r: Receipt) => {\n if (!ledgerEndpoint) return\n ledgerChain = ledgerChain\n .then(async () => {\n const res = await ledgerFetch(ledgerEndpoint, {\n method: 'POST',\n headers: {\n 'content-type': 'application/json',\n authorization: `Bearer ${options.apiKey}`,\n },\n body: JSON.stringify({\n host: r.host,\n amountUsd: r.amountUsd,\n ok: r.ok,\n txHash: r.txHash,\n note: r.note,\n }),\n })\n if (!res.ok) log(`ledger sync → ${res.status} for ${r.host}`)\n })\n .catch((err) => {\n log(`ledger sync failed for ${r.host}: ${err instanceof Error ? err.message : err}`)\n })\n }\n\n const emit = (r: Receipt) => {\n sync(r)\n void Promise.resolve(onReceipt?.(r)).catch(() => {})\n }\n const deny = (host: string, code: GrantViolation, msg: string): never => {\n emit({ host, amountUsd: 0, ok: false, note: code, ts: Date.now() })\n log(`✗ ${host} — ${code}: ${msg}`)\n throw new GrantError(code, msg)\n }\n\n const pay = async function pay(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n // Roll the daily budget at UTC midnight.\n const today = utcDayIndex(Date.now())\n if (today !== dayIndex) {\n dayIndex = today\n spentToday = 0\n }\n\n const host = hostOf(input)\n\n // ── Pre-flight policy (no network): status → expiry → allowlist ─────────\n if ((grant.status ?? 'active') === 'revoked') deny(host, 'REVOKED', 'grant is revoked')\n if (Date.now() > expiryMs(grant.expiresAt)) deny(host, 'EXPIRED', 'grant has expired')\n if (!grant.allow.map((h) => h.toLowerCase()).includes(host)) {\n deny(host, 'NOT_ALLOWED', `${host} is not in this grant's allowlist`)\n }\n\n // Price is only known from the 402 challenge — check caps in the hook,\n // which runs after the challenge is parsed and before the payment is signed.\n let pricedUsd = 0\n const client = createPaymentClient({\n wallet,\n fetch: options.fetch,\n allowedNetworks: options.allowedNetworks,\n // Per-call enforcement lives in the hook (not maxAmountAtomic) so an\n // over-cap call surfaces a clean GrantError instead of a filtered no-match.\n onPaymentRequired: (req: PaymentRequirement) => {\n const price = Number(req.maxAmountRequired) / 1e6\n if (price > grant.perCallUsd) {\n deny(host, 'OVER_PER_CALL', `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`)\n }\n if (spentToday + price > grant.perDayUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentToday + price).toFixed(2)} exceeds today's cap $${grant.perDayUsd}`)\n }\n if (grant.totalUsd != null && spentTotal + price > grant.totalUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentTotal + price).toFixed(2)} exceeds lifetime cap $${grant.totalUsd}`)\n }\n pricedUsd = price\n return true\n },\n })\n\n let res: Response\n try {\n res = await client(input, init)\n } catch (err) {\n if (err instanceof GrantError) throw err // already denied + receipted\n // A rejection from the underlying client (e.g. no acceptable requirement).\n const note = err instanceof PaymentError ? 'payment-failed' : 'error'\n emit({ host, amountUsd: 0, ok: false, note, ts: Date.now() })\n throw err\n }\n\n // Settled (or a free, non-402 call where pricedUsd stayed 0).\n if (pricedUsd > 0) {\n spentToday += pricedUsd\n spentTotal += pricedUsd\n }\n const txHash = txHashOf(res)\n emit({ host, amountUsd: pricedUsd, ok: true, txHash, note: 'settled', ts: Date.now() })\n log(`✓ ${host} — $${pricedUsd.toFixed(4)} · today $${spentToday.toFixed(2)}/$${grant.perDayUsd}`)\n return res\n } as PayFn\n\n pay.spentTodayUsd = () => spentToday\n pay.remainingTodayUsd = () => Math.max(0, grant.perDayUsd - spentToday)\n pay.spentTotalUsd = () => spentTotal\n pay.flushLedger = () => ledgerChain\n return pay\n}\n"]}
1
+ {"version":3,"sources":["../src/utils.ts","../src/client.ts","../src/agent.ts"],"names":["pay"],"mappings":";;;AAgCA,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AACpC,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AAG7B,SAAS,cAAc,KAAA,EAAwB;AACpD,EAAA,MAAM,QAAQ,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AACtD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,MAAW,IAAA,IAAQ,KAAA,EAAO,MAAA,IAAU,MAAA,CAAO,aAAa,IAAI,CAAA;AAC5D,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AAGO,SAAS,cAA2B,GAAA,EAAgB;AACzD,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,QAAQ,CAAC,CAAA;AAAA,EACnD,CAAA,MAAO;AACL,IAAA,MAAM,MAAA,GAAS,KAAK,GAAG,CAAA;AACvB,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AACpC,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,MAAA,EAAQ,CAAA,EAAA,EAAK,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EACxE;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AAC7C;AAGO,SAAS,WAAA,GAA6B;AAC3C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AACvC,EAAA,OAAQ,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAClF;;;ACtBO,SAAS,oBAAoB,OAAA,EAAwB;AAC1D,EAAA,MAAM,YAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA,CAAM,KAAK,UAAU,CAAA;AAEnE,EAAA,OAAO,eAAe,QAAA,CACpB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AACnB,IAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,CAAU,KAAA,EAAO,IAAI,CAAA;AACzC,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,GAAA,EAAK,OAAO,KAAA;AAEjC,IAAA,MAAM,YAAA,GAAe,MAAM,oBAAA,CAAqB,KAAK,CAAA;AACrD,IAAA,MAAM,cAAc,iBAAA,CAAkB,YAAA,CAAa,OAAA,IAAW,IAAI,OAAO,CAAA;AACzE,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,YAAA,CAAa,8DAAA,EAAgE,YAAY,CAAA;AAAA,IACrG;AAEA,IAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,iBAAA,CAAkB,WAAW,CAAA;AAC5D,MAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,YAAA,CAAa,4BAA4B,YAAY,CAAA;AAAA,IAChF;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,sBAAA,CAAuB,OAAA,CAAQ,QAAQ,WAAW,CAAA;AACxE,IAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,YAAA,EAAc,WAAA,EAAa,OAAO,CAAA;AACpE,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA;AACxC,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,MAAA,CAAO,KAAK,CAAA;AAErC,IAAA,OAAO,UAAU,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AAAA,EAC9C,CAAA;AACF;AAEO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAC7B,YAAA;AAAA,EACT,WAAA,CAAY,SAAiB,YAAA,EAAwC;AACnE,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AACF,CAAA;AAOO,SAAS,wBAAwB,GAAA,EAAwC;AAC9E,EAAA,MAAM,GAAA,GAAM,GAAA,CAAI,MAAA,IAAU,GAAA,CAAI,iBAAA;AAC9B,EAAA,IAAI,GAAA,IAAO,MAAM,OAAO,IAAA;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,OAAO,GAAG,CAAA;AAAA,EACnB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAe,qBAAqB,GAAA,EAAiD;AACnF,EAAA,IAAI;AACF,IAAA,OAAQ,MAAM,GAAA,CAAI,KAAA,EAAM,CAAE,IAAA,EAAK;AAAA,EACjC,CAAA,CAAA,MAAQ;AAGN,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA;AACjD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAI;AACF,QAAA,OAAO,cAAuC,MAAM,CAAA;AAAA,MACtD,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AACA,IAAA,MAAM,IAAI,aAAa,0DAA0D,CAAA;AAAA,EACnF;AACF;AAEA,SAAS,iBAAA,CACP,SACA,IAAA,EACgC;AAChC,EAAA,MAAM,SAAS,OAAA,CACZ,MAAA,CAAO,CAAC,CAAA,KAAM,EAAE,MAAA,KAAW,OAAO,CAAA,CAElC,MAAA,CAAO,CAAC,CAAA,KAAM,iBAAA,CAAkB,EAAE,OAAO,CAAA,KAAM,IAAI,CAAA,CACnD,MAAA;AAAA,IACC,CAAC,CAAA,KACC,CAAC,IAAA,CAAK,eAAA,IACN,KAAK,eAAA,CAAgB,IAAA,CAAK,CAAC,CAAA,KAAM,kBAAkB,CAAC,CAAA,KAAM,iBAAA,CAAkB,CAAA,CAAE,OAAO,CAAC;AAAA,GAC1F,CACC,GAAA,CAAI,CAAC,CAAA,MAAO,EAAE,GAAA,EAAK,CAAA,EAAG,MAAA,EAAQ,uBAAA,CAAwB,CAAC,CAAA,EAAE,CAAE,CAAA,CAC3D,MAAA,CAAO,CAAC,CAAA,KAAwD,CAAA,CAAE,MAAA,KAAW,IAAI,CAAA,CACjF,MAAA,CAAO,CAAC,CAAA,KAAM,CAAC,IAAA,CAAK,eAAA,IAAmB,CAAA,CAAE,MAAA,IAAU,KAAK,eAAe,CAAA;AAE1E,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAO,CAAA,CAAE,MAAA,GAAS,CAAA,CAAE,MAAA,GAAS,EAAA,GAAK,CAAE,CAAA,CAAE,CAAC,CAAA,EAAG,GAAA;AACnE;AAGA,SAAS,kBAAA,CACP,SAAA,EACA,WAAA,EACA,OAAA,EACiC;AACjC,EAAA,MAAM,OAAA,GAAU,UAAU,WAAA,IAAe,CAAA;AACzC,EAAA,IAAI,WAAW,CAAA,EAAG;AAChB,IAAA,MAAM,QAAA,GAA8B;AAAA,MAClC,WAAA,EAAa,OAAA;AAAA,MACb,UAAU,SAAA,CAAU,QAAA;AAAA,MACpB,QAAA,EAAU,WAAA;AAAA,MACV,OAAA;AAAA,MACA,UAAA,EAAY,SAAA,CAAU,UAAA,IAAc;AAAC,KACvC;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,mBAAA,EAAqB,KAAA,EAAO,aAAA,CAAc,QAAQ,CAAA,EAAE;AAAA,EACrE;AACA,EAAA,MAAM,EAAA,GAAqB;AAAA,IACzB,WAAA,EAAa,CAAA;AAAA,IACb,MAAA,EAAQ,OAAA;AAAA,IACR,SAAS,WAAA,CAAY,OAAA;AAAA,IACrB;AAAA,GACF;AACA,EAAA,OAAO,EAAE,IAAA,EAAM,WAAA,EAAa,KAAA,EAAO,aAAA,CAAc,EAAE,CAAA,EAAE;AACvD;AAGA,eAAsB,sBAAA,CACpB,QACA,WAAA,EAC0B;AAC1B,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AACvB,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,aAAa,gCAAgC,CAAA;AAErE,EAAA,MAAM,KAAA,GAAQ,wBAAwB,WAAW,CAAA;AACjD,EAAA,IAAI,UAAU,IAAA,EAAM;AAClB,IAAA,MAAM,IAAI,aAAa,8CAA8C,CAAA;AAAA,EACvE;AACA,EAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,WAAA,CAAY,OAAO,CAAA;AACrD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,MAAM,IAAI,YAAA,CAAa,CAAA,0BAAA,EAA6B,WAAA,CAAY,OAAO,CAAA,CAAE,CAAA;AAAA,EAC3E;AAEA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,GAAM,EAAE,CAAA;AAClC,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,GAAA,IAAO,WAAA,CAAY,qBAAqB,GAAA,CAAI,CAAA;AACvE,EAAA,MAAM,QAAQ,WAAA,EAAY;AAE1B,EAAA,MAAM,SAAA,GACH,WAAA,CAAY,KAAA,EAAO,IAAA,IAA+B,UAAA;AACrD,EAAA,MAAM,YAAA,GACH,WAAA,CAAY,KAAA,EAAO,OAAA,IAAkC,GAAA;AAExD,EAAA,MAAM,SAAA,GAAa,MAAM,MAAA,CAAO,aAAA,CAAc;AAAA,IAC5C,OAAA;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,SAAA;AAAA,MACN,OAAA,EAAS,YAAA;AAAA,MACT,OAAA;AAAA,MACA,mBAAmB,WAAA,CAAY;AAAA,KACjC;AAAA,IACA,KAAA,EAAO;AAAA,MACL,yBAAA,EAA2B;AAAA,QACzB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,QAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,QAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,QACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,QACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,QACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AACnC,KACF;AAAA,IACA,WAAA,EAAa,2BAAA;AAAA,IACb,OAAA,EAAS;AAAA,MACP,MAAM,OAAA,CAAQ,OAAA;AAAA,MACd,IAAI,WAAA,CAAY,KAAA;AAAA,MAChB,KAAA;AAAA,MACA,UAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA;AACF,GACD,CAAA;AAED,EAAA,OAAO;AAAA,IACL,SAAA;AAAA,IACA,aAAA,EAAe;AAAA,MACb,MAAM,OAAA,CAAQ,OAAA;AAAA,MACd,IAAI,WAAA,CAAY,KAAA;AAAA,MAChB,KAAA,EAAO,MAAM,QAAA,EAAS;AAAA,MACtB,UAAA,EAAY,WAAW,QAAA,EAAS;AAAA,MAChC,WAAA,EAAa,YAAY,QAAA,EAAS;AAAA,MAClC;AAAA;AACF,GACF;AACF;AAmBA,SAAS,kBAAkB,OAAA,EAAgC;AACzD,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,SAAS,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAA,CAAM,SAAA,CAAU,MAAM,CAAC,CAAA;AACjD,IAAA,OAAO,OAAO,SAAA,CAAU,EAAE,CAAA,IAAK,EAAA,GAAK,IAAI,EAAA,GAAK,IAAA;AAAA,EAC/C;AACA,EAAA,QAAQ,OAAA;AAAwB,IAC9B,KAAK,MAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,CAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,EAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,GAAA;AAAA,IACT;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;;;AC3NO,IAAM,UAAA,GAAN,cAAyB,KAAA,CAAM;AAAA,EACpC,WAAA,CACS,MACP,OAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAIP,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AAAA,EACd;AAAA,EALS,IAAA;AAMX;AAsEA,SAAS,SAAS,SAAA,EAA6C;AAC7D,EAAA,IAAI,SAAA,IAAa,MAAM,OAAO,QAAA;AAC9B,EAAA,IAAI,SAAA,YAAqB,IAAA,EAAM,OAAO,SAAA,CAAU,OAAA,EAAQ;AACxD,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,EAAU,OAAO,SAAA;AAC1C,EAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACtC,EAAA,OAAO,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,GAAW,CAAA;AACtC;AAEA,SAAS,YAAY,EAAA,EAAoB;AACvC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,KAAU,CAAA;AACnC;AAEA,SAAS,OAAO,KAAA,EAAuC;AACrD,EAAA,MAAM,GAAA,GAAM,OAAO,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,YAAiB,GAAA,GAAM,KAAA,CAAM,IAAA,GAAO,KAAA,CAAM,GAAA;AAC1F,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,GAAA,CAAI,GAAG,CAAA,CAAE,KAAK,WAAA,EAAY;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAA;AAAA,EACT;AACF;AAIA,SAAS,SAAS,GAAA,EAAmC;AACnD,EAAA,MAAM,MAAA,GAAS,IAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA;AAC1F,EAAA,IAAI,CAAC,QAAQ,OAAO,MAAA;AACpB,EAAA,IAAI;AACF,IAAA,OAAO,aAAA,CAA4B,MAAM,CAAA,CAAE,WAAA;AAAA,EAC7C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAMO,SAAS,QAAQ,OAAA,EAA8B;AACpD,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,SAAQ,GAAI,OAAA;AAC9C,EAAA,MAAM,GAAA,GAAM,YAAY,MAAM;AAAA,EAAC,CAAA,CAAA;AAE/B,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,QAAA,GAAW,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AAGrC,EAAA,MAAM,iBACJ,OAAA,CAAQ,MAAA,IAAU,KAAA,CAAM,EAAA,GACpB,IAAI,OAAA,CAAQ,SAAA,IAAa,qBAAA,EAAuB,OAAA,CAAQ,QAAQ,EAAE,CAAC,CAAA,YAAA,EAAe,KAAA,CAAM,EAAE,CAAA,OAAA,CAAA,GAC1F,IAAA;AACN,EAAA,IAAI,OAAA,CAAQ,MAAA,IAAU,CAAC,KAAA,CAAM,EAAA,EAAI;AAC/B,IAAA,GAAA,CAAI,yFAAyF,CAAA;AAAA,EAC/F;AAGA,EAAA,IAAI,WAAA,GAA6B,QAAQ,OAAA,EAAQ;AACjD,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAChD,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,IAAI,CAAC,cAAA,EAAgB;AACrB,IAAA,WAAA,GAAc,WAAA,CACX,KAAK,YAAY;AAChB,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAY,cAAA,EAAgB;AAAA,QAC5C,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,CAAA,OAAA,EAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,SACzC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,MAAM,CAAA,CAAE,IAAA;AAAA,UACR,WAAW,CAAA,CAAE,SAAA;AAAA,UACb,IAAI,CAAA,CAAE,EAAA;AAAA,UACN,QAAQ,CAAA,CAAE,MAAA;AAAA,UACV,MAAM,CAAA,CAAE;AAAA,SACT;AAAA,OACF,CAAA;AACD,MAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,GAAA,CAAI,CAAA,mBAAA,EAAiB,IAAI,MAAM,CAAA,KAAA,EAAQ,CAAA,CAAE,IAAI,CAAA,CAAE,CAAA;AAAA,IAC9D,CAAC,CAAA,CACA,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,GAAA,CAAI,CAAA,uBAAA,EAA0B,EAAE,IAAI,CAAA,EAAA,EAAK,eAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,GAAG,CAAA,CAAE,CAAA;AAAA,IACrF,CAAC,CAAA;AAAA,EACL,CAAA;AAEA,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,IAAA,CAAK,CAAC,CAAA;AACN,IAAA,KAAK,QAAQ,OAAA,CAAQ,SAAA,GAAY,CAAC,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACrD,CAAA;AACA,EAAA,MAAM,IAAA,GAAO,CAAC,IAAA,EAAc,IAAA,EAAsB,GAAA,KAAuB;AACvE,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAClE,IAAA,GAAA,CAAI,UAAK,IAAI,CAAA,QAAA,EAAM,IAAI,CAAA,EAAA,EAAK,GAAG,CAAA,CAAE,CAAA;AACjC,IAAA,MAAM,IAAI,UAAA,CAAW,IAAA,EAAM,GAAG,CAAA;AAAA,EAChC,CAAA;AAEA,EAAA,MAAM,MAAM,eAAeA,IAAAA,CACzB,KAAA,EACA,IAAA,GAAoB,EAAC,EACF;AAEnB,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,IAAA,CAAK,GAAA,EAAK,CAAA;AACpC,IAAA,IAAI,UAAU,QAAA,EAAU;AACtB,MAAA,QAAA,GAAW,KAAA;AACX,MAAA,UAAA,GAAa,CAAA;AAAA,IACf;AAEA,IAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AAGzB,IAAA,IAAA,CAAK,MAAM,MAAA,IAAU,QAAA,MAAc,WAAW,IAAA,CAAK,IAAA,EAAM,WAAW,kBAAkB,CAAA;AACtF,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG,IAAA,CAAK,IAAA,EAAM,SAAA,EAAW,mBAAmB,CAAA;AACrF,IAAA,IAAI,CAAC,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA,EAAG;AAC3D,MAAA,IAAA,CAAK,IAAA,EAAM,aAAA,EAAe,CAAA,EAAG,IAAI,CAAA,iCAAA,CAAmC,CAAA;AAAA,IACtE;AAIA,IAAA,IAAI,SAAA,GAAY,CAAA;AAChB,IAAA,MAAM,SAAS,mBAAA,CAAoB;AAAA,MACjC,MAAA;AAAA,MACA,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,iBAAiB,OAAA,CAAQ,eAAA;AAAA;AAAA;AAAA,MAGzB,iBAAA,EAAmB,CAAC,GAAA,KAA4B;AAG9C,QAAA,MAAM,QAAQ,MAAA,CAAO,uBAAA,CAAwB,GAAG,CAAA,IAAK,EAAE,CAAA,GAAI,GAAA;AAC3D,QAAA,IAAI,KAAA,GAAQ,MAAM,UAAA,EAAY;AAC5B,UAAA,IAAA,CAAK,IAAA,EAAM,eAAA,EAAiB,CAAA,CAAA,EAAI,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,UAAU,CAAA,CAAE,CAAA;AAAA,QAC9F;AACA,QAAA,IAAI,UAAA,GAAa,KAAA,GAAQ,KAAA,CAAM,SAAA,EAAW;AACxC,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,sBAAA,EAAyB,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,IAAI,MAAM,QAAA,IAAY,IAAA,IAAQ,UAAA,GAAa,KAAA,GAAQ,MAAM,QAAA,EAAU;AACjE,UAAA,IAAA,CAAK,IAAA,EAAM,iBAAA,EAAmB,CAAA,CAAA,EAAA,CAAK,UAAA,GAAa,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAC,CAAA,uBAAA,EAA0B,KAAA,CAAM,QAAQ,CAAA,CAAE,CAAA;AAAA,QAC7G;AACA,QAAA,SAAA,GAAY,KAAA;AACZ,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,KACD,CAAA;AAED,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,EAAO,IAAI,CAAA;AAAA,IAChC,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,GAAA,YAAe,YAAY,MAAM,GAAA;AAErC,MAAA,MAAM,IAAA,GAAO,GAAA,YAAe,YAAA,GAAe,gBAAA,GAAmB,OAAA;AAC9D,MAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAC5D,MAAA,MAAM,GAAA;AAAA,IACR;AAGA,IAAA,IAAI,YAAY,CAAA,EAAG;AACjB,MAAA,UAAA,IAAc,SAAA;AACd,MAAA,UAAA,IAAc,SAAA;AAAA,IAChB;AACA,IAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAC3B,IAAA,IAAA,CAAK,EAAE,IAAA,EAAM,SAAA,EAAW,SAAA,EAAW,EAAA,EAAI,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,IAAA,CAAK,GAAA,IAAO,CAAA;AACtF,IAAA,GAAA,CAAI,CAAA,OAAA,EAAK,IAAI,CAAA,SAAA,EAAO,SAAA,CAAU,QAAQ,CAAC,CAAC,CAAA,aAAA,EAAa,UAAA,CAAW,QAAQ,CAAC,CAAC,CAAA,EAAA,EAAK,KAAA,CAAM,SAAS,CAAA,CAAE,CAAA;AAChG,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAEA,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,oBAAoB,MAAM,IAAA,CAAK,IAAI,CAAA,EAAG,KAAA,CAAM,YAAY,UAAU,CAAA;AACtE,EAAA,GAAA,CAAI,gBAAgB,MAAM,UAAA;AAC1B,EAAA,GAAA,CAAI,cAAc,MAAM,WAAA;AACxB,EAAA,OAAO,GAAA;AACT","file":"agent.cjs","sourcesContent":["import type { X402Network } from './types.js'\n\nconst USDC_BY_NETWORK: Record<X402Network, `0x${string}`> = {\n base: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',\n 'base-sepolia': '0x036CbD53842c5426634e7929541eC2318f3dCF7e',\n ethereum: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48',\n optimism: '0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85',\n arbitrum: '0xaf88d065e77c8cC2239327C5EDb3A432268e5831',\n polygon: '0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359',\n}\n\nexport const USDC_DECIMALS = 6\n\n/** Returns the canonical USDC contract address for a supported network. */\nexport function usdcAddress(network: X402Network): `0x${string}` {\n return USDC_BY_NETWORK[network]\n}\n\n/**\n * Convert a human-friendly USD amount (e.g. \"0.01\") into atomic USDC units.\n * Fixed-point to avoid float drift — safer than Number math for payments.\n */\nexport function usdToAtomic(amount: string | number, decimals = USDC_DECIMALS): string {\n const str = typeof amount === 'number' ? amount.toString() : amount\n if (!/^\\d+(\\.\\d+)?$/.test(str)) {\n throw new Error(`Invalid amount: ${str}`)\n }\n const [whole, frac = ''] = str.split('.')\n const padded = frac.slice(0, decimals).padEnd(decimals, '0')\n return (BigInt(whole ?? '0') * 10n ** BigInt(decimals) + BigInt(padded || '0')).toString()\n}\n\nconst utf8Encoder = new TextEncoder()\nconst utf8Decoder = new TextDecoder()\n\n/** Base64 encode a JSON value — works in Node 18+ and browsers. */\nexport function encodePayment(value: unknown): string {\n const bytes = utf8Encoder.encode(JSON.stringify(value))\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64')\n }\n let binary = ''\n for (const byte of bytes) binary += String.fromCharCode(byte)\n return btoa(binary)\n}\n\n/** Base64 decode a payment header value back into JSON. */\nexport function decodePayment<T = unknown>(b64: string): T {\n let bytes: Uint8Array\n if (typeof Buffer !== 'undefined') {\n bytes = new Uint8Array(Buffer.from(b64, 'base64'))\n } else {\n const binary = atob(b64)\n bytes = new Uint8Array(binary.length)\n for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i)\n }\n return JSON.parse(utf8Decoder.decode(bytes)) as T\n}\n\n/** Generate a random 32-byte nonce as a 0x-prefixed hex string. */\nexport function randomNonce(): `0x${string}` {\n const bytes = new Uint8Array(32)\n globalThis.crypto.getRandomValues(bytes)\n return ('0x' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('')) as `0x${string}`\n}\n","import type { Address, Hex, WalletClient } from 'viem'\nimport type {\n ExactEvmPayload,\n PaymentEnvelopeV2,\n PaymentPayload,\n PaymentRequiredResponse,\n PaymentRequirement,\n X402Network,\n} from './types.js'\nimport { decodePayment, encodePayment, randomNonce } from './utils.js'\n\nexport interface ClientOptions {\n /** A viem WalletClient able to sign EIP-712 typed data. */\n wallet: WalletClient\n /** Underlying fetch to wrap (defaults to global fetch). */\n fetch?: typeof fetch\n /**\n * Hook called before signing. Return `false` to reject the payment.\n * Useful for showing a confirmation UI to the user.\n */\n onPaymentRequired?: (requirement: PaymentRequirement) => boolean | Promise<boolean>\n /** Only allow payments up to this atomic-units cap. Safety belt. */\n maxAmountAtomic?: bigint\n /** Restrict to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n}\n\n/**\n * Create a fetch wrapper that transparently handles x402 payments —\n * protocol v1 (\"base\" networks, `maxAmountRequired`, `X-PAYMENT` header)\n * and v2 (CAIP-2 networks, `amount`, `PAYMENT-SIGNATURE` envelope) alike.\n *\n * On a 402 response, it picks the cheapest acceptable requirement,\n * signs an EIP-3009 authorization with the provided wallet, and retries\n * the request with the version-appropriate payment header.\n *\n * @example\n * ```ts\n * const pay = createPaymentClient({ wallet })\n * const res = await pay('https://api.example.com/premium')\n * ```\n */\nexport function createPaymentClient(options: ClientOptions) {\n const baseFetch = options.fetch ?? globalThis.fetch.bind(globalThis)\n\n return async function payFetch(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n const first = await baseFetch(input, init)\n if (first.status !== 402) return first\n\n const requirements = await parsePaymentRequired(first)\n const requirement = selectRequirement(requirements.accepts ?? [], options)\n if (!requirement) {\n throw new PaymentError('No acceptable payment requirement matched client constraints', requirements)\n }\n\n if (options.onPaymentRequired) {\n const approved = await options.onPaymentRequired(requirement)\n if (!approved) throw new PaymentError('Payment rejected by user', requirements)\n }\n\n const payload = await signExactAuthorization(options.wallet, requirement)\n const header = buildPaymentHeader(requirements, requirement, payload)\n const headers = new Headers(init.headers)\n headers.set(header.name, header.value)\n\n return baseFetch(input, { ...init, headers })\n }\n}\n\nexport class PaymentError extends Error {\n readonly requirements?: PaymentRequiredResponse\n constructor(message: string, requirements?: PaymentRequiredResponse) {\n super(message)\n this.name = 'PaymentError'\n this.requirements = requirements\n }\n}\n\n/**\n * Atomic units owed for a requirement, version-agnostic: x402 v2 prices in\n * `amount`, v1 in `maxAmountRequired`. Returns null when absent or\n * unparseable (never throws — selection must be able to skip bad entries).\n */\nexport function requirementAtomicAmount(req: PaymentRequirement): bigint | null {\n const raw = req.amount ?? req.maxAmountRequired\n if (raw == null) return null\n try {\n return BigInt(raw)\n } catch {\n return null\n }\n}\n\nasync function parsePaymentRequired(res: Response): Promise<PaymentRequiredResponse> {\n try {\n return (await res.clone().json()) as PaymentRequiredResponse\n } catch {\n // v2 servers mirror the discovery document base64-encoded in the\n // `payment-required` response header — fall back to it for non-JSON bodies.\n const header = res.headers.get('payment-required')\n if (header) {\n try {\n return decodePayment<PaymentRequiredResponse>(header)\n } catch {\n /* fall through to the error below */\n }\n }\n throw new PaymentError('402 response did not contain a valid x402 discovery body')\n }\n}\n\nfunction selectRequirement(\n accepts: PaymentRequirement[],\n opts: ClientOptions,\n): PaymentRequirement | undefined {\n const priced = accepts\n .filter((a) => a.scheme === 'exact')\n // Only EVM networks this client can sign for (drops e.g. \"solana:…\").\n .filter((a) => chainIdForNetwork(a.network) !== null)\n .filter(\n (a) =>\n !opts.allowedNetworks ||\n opts.allowedNetworks.some((n) => chainIdForNetwork(n) === chainIdForNetwork(a.network)),\n )\n .map((a) => ({ req: a, amount: requirementAtomicAmount(a) }))\n .filter((e): e is { req: PaymentRequirement; amount: bigint } => e.amount !== null)\n .filter((e) => !opts.maxAmountAtomic || e.amount <= opts.maxAmountAtomic)\n\n return priced.sort((a, b) => (a.amount < b.amount ? -1 : 1))[0]?.req\n}\n\n/** Build the version-appropriate payment header for a signed authorization. */\nfunction buildPaymentHeader(\n challenge: PaymentRequiredResponse,\n requirement: PaymentRequirement,\n payload: ExactEvmPayload,\n): { name: string; value: string } {\n const version = challenge.x402Version ?? 1\n if (version >= 2) {\n const envelope: PaymentEnvelopeV2 = {\n x402Version: version,\n resource: challenge.resource,\n accepted: requirement,\n payload,\n extensions: challenge.extensions ?? {},\n }\n return { name: 'PAYMENT-SIGNATURE', value: encodePayment(envelope) }\n }\n const v1: PaymentPayload = {\n x402Version: 1,\n scheme: 'exact',\n network: requirement.network,\n payload,\n }\n return { name: 'X-PAYMENT', value: encodePayment(v1) }\n}\n\n/** Sign an EIP-3009 `TransferWithAuthorization` for the given requirement. */\nexport async function signExactAuthorization(\n wallet: WalletClient,\n requirement: PaymentRequirement,\n): Promise<ExactEvmPayload> {\n const account = wallet.account\n if (!account) throw new PaymentError('Wallet has no account attached')\n\n const value = requirementAtomicAmount(requirement)\n if (value === null) {\n throw new PaymentError('x402 requirement is missing a payment amount')\n }\n const chainId = chainIdForNetwork(requirement.network)\n if (chainId === null) {\n throw new PaymentError(`Unsupported x402 network: ${requirement.network}`)\n }\n\n const now = Math.floor(Date.now() / 1000)\n const validAfter = BigInt(now - 60)\n const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600))\n const nonce = randomNonce()\n\n const tokenName =\n (requirement.extra?.name as string | undefined) ?? 'USD Coin'\n const tokenVersion =\n (requirement.extra?.version as string | undefined) ?? '2'\n\n const signature = (await wallet.signTypedData({\n account,\n domain: {\n name: tokenName,\n version: tokenVersion,\n chainId,\n verifyingContract: requirement.asset,\n },\n types: {\n TransferWithAuthorization: [\n { name: 'from', type: 'address' },\n { name: 'to', type: 'address' },\n { name: 'value', type: 'uint256' },\n { name: 'validAfter', type: 'uint256' },\n { name: 'validBefore', type: 'uint256' },\n { name: 'nonce', type: 'bytes32' },\n ],\n },\n primaryType: 'TransferWithAuthorization',\n message: {\n from: account.address as Address,\n to: requirement.payTo,\n value,\n validAfter,\n validBefore,\n nonce,\n },\n })) as Hex\n\n return {\n signature,\n authorization: {\n from: account.address as Address,\n to: requirement.payTo,\n value: value.toString(),\n validAfter: validAfter.toString(),\n validBefore: validBefore.toString(),\n nonce,\n },\n }\n}\n\n/**\n * Sign a requirement into the x402 **v1** `X-PAYMENT` payload shape.\n * Kept for back-compat; `createPaymentClient` is version-aware internally.\n */\nexport async function signPayment(\n wallet: WalletClient,\n requirement: PaymentRequirement,\n): Promise<PaymentPayload> {\n return {\n x402Version: 1,\n scheme: 'exact',\n network: requirement.network,\n payload: await signExactAuthorization(wallet, requirement),\n }\n}\n\n/** Resolve a network to an EVM chain id — v1 friendly names and CAIP-2 ids. */\nfunction chainIdForNetwork(network: string): number | null {\n if (network.startsWith('eip155:')) {\n const id = Number(network.slice('eip155:'.length))\n return Number.isInteger(id) && id > 0 ? id : null\n }\n switch (network as X402Network) {\n case 'base':\n return 8453\n case 'base-sepolia':\n return 84532\n case 'ethereum':\n return 1\n case 'optimism':\n return 10\n case 'arbitrum':\n return 42161\n case 'polygon':\n return 137\n default:\n return null\n }\n}\n","/**\n * yeetful/agent — the \"agent expense account.\"\n *\n * Wrap your agent's HTTP calls in a single grant-aware `pay()`. Before any x402\n * payment is signed it enforces a spend grant — an allowlist of hosts plus\n * per-call / per-day / lifetime USD caps and an expiry — then pays via the\n * standard x402 client and emits a receipt for every call.\n *\n * One grant authorizes MANY endpoints (the allowlist). It's a guardrail for\n * your own agents (runaway loops, bugs, prompt-injected tool calls) and the\n * receipt feed behind budgets + audit. Enforcement here is local + instant;\n * for hard, adversarial guarantees back the grant with an on-chain Spend\n * Permission (the wallet contract caps spend regardless of this SDK).\n *\n * @example\n * ```ts\n * import { yeetful } from 'yeetful/agent'\n *\n * const pay = yeetful({\n * wallet, // viem WalletClient\n * grant: {\n * id: 'cmbq…', // hosted grant id (yeetful.com)\n * allow: ['tripadvisor.x402.paysponge.com', 'anthropic.yeetful.com'],\n * perCallUsd: 0.05,\n * perDayUsd: 2,\n * expiresAt: '2026-12-31',\n * },\n * apiKey: process.env.YEETFUL_API_KEY, // yf_… → receipts sync to your dashboard\n * onReceipt: (r) => console.log(r.host, r.amountUsd, r.txHash),\n * })\n *\n * const res = await pay('https://tripadvisor.x402.paysponge.com/api/v1/location/search?searchQuery=tokyo')\n * // throws GrantError on NOT_ALLOWED / OVER_PER_CALL / BUDGET_EXCEEDED / EXPIRED\n * ```\n */\n\nimport type { WalletClient } from 'viem'\nimport { createPaymentClient, PaymentError, requirementAtomicAmount } from './client.js'\nimport { decodePayment } from './utils.js'\nimport type { PaymentRequirement, SettleResult, X402Network } from './types.js'\n\nexport type GrantViolation =\n | 'EXPIRED'\n | 'REVOKED'\n | 'NOT_ALLOWED'\n | 'OVER_PER_CALL'\n | 'BUDGET_EXCEEDED'\n\nexport class GrantError extends Error {\n constructor(\n public code: GrantViolation,\n message: string,\n ) {\n super(message)\n this.name = 'GrantError'\n }\n}\n\n/** A scoped spend authorization (mirrors the hosted SpendGrant). */\nexport interface GrantPolicy {\n /** Optional id of the hosted grant this mirrors. */\n id?: string\n /** Exact hostnames this grant may pay (e.g. \"tripadvisor.x402.paysponge.com\"). */\n allow: string[]\n perCallUsd: number\n perDayUsd: number\n /** Optional lifetime cap across the life of this client instance. */\n totalUsd?: number | null\n /** Unix ms, ISO string, or Date. Omit for no expiry. */\n expiresAt?: number | string | Date\n /** 'active' | 'revoked'. Defaults to active. */\n status?: string\n}\n\n/** A single authorization decision — the audit trail + x402 receipt. */\nexport interface Receipt {\n host: string\n amountUsd: number\n ok: boolean\n txHash?: string\n /** \"settled\" on success, or the GrantViolation code on a denial. */\n note: string\n ts: number\n}\n\nexport interface AgentOptions {\n /** viem WalletClient that signs the EIP-3009 payment. */\n wallet: WalletClient\n /** The spend grant to enforce. */\n grant: GrantPolicy\n /** Underlying fetch (defaults to global fetch). */\n fetch?: typeof fetch\n /** Restrict payments to specific networks (defaults to all). */\n allowedNetworks?: X402Network[]\n /** Called after every decision — wire this to your ledger / dashboard. */\n onReceipt?: (receipt: Receipt) => void | Promise<void>\n /** Human-readable progress logging. */\n onEvent?: (message: string) => void\n /**\n * Yeetful API key (`yf_…`, minted at yeetful.com while signed in). Together\n * with `grant.id` it turns on hosted-ledger sync: every receipt is POSTed to\n * `{ledgerUrl}/api/grants/{grant.id}/ledger` with Bearer auth, so the\n * dashboard's budgets/audit trail include this agent's calls. Sync is\n * best-effort and never blocks or fails a payment.\n */\n apiKey?: string\n /** Base URL of the hosted ledger. Defaults to https://yeetful.com. */\n ledgerUrl?: string\n}\n\nexport interface PayFn {\n (input: string | URL | Request, init?: RequestInit): Promise<Response>\n /** USD spent under this grant since UTC midnight (this client instance). */\n spentTodayUsd(): number\n /** USD remaining in today's budget. */\n remainingTodayUsd(): number\n /** USD spent over the life of this client instance. */\n spentTotalUsd(): number\n /**\n * Resolves once every hosted-ledger sync issued so far has settled (no-op\n * without `apiKey`). Await this before a short-lived script exits so the\n * last receipts aren't dropped with the process.\n */\n flushLedger(): Promise<void>\n}\n\nfunction expiryMs(expiresAt: GrantPolicy['expiresAt']): number {\n if (expiresAt == null) return Infinity\n if (expiresAt instanceof Date) return expiresAt.getTime()\n if (typeof expiresAt === 'number') return expiresAt\n const t = new Date(expiresAt).getTime()\n return Number.isNaN(t) ? Infinity : t\n}\n\nfunction utcDayIndex(ms: number): number {\n return Math.floor(ms / 86_400_000)\n}\n\nfunction hostOf(input: string | URL | Request): string {\n const url = typeof input === 'string' ? input : input instanceof URL ? input.href : input.url\n try {\n return new URL(url).host.toLowerCase()\n } catch {\n return ''\n }\n}\n\n/** Pull the settlement tx hash from the settle header, if present\n * (`PAYMENT-RESPONSE` on x402 v2, `X-PAYMENT-RESPONSE` on v1). */\nfunction txHashOf(res: Response): string | undefined {\n const header = res.headers.get('payment-response') ?? res.headers.get('x-payment-response')\n if (!header) return undefined\n try {\n return decodePayment<SettleResult>(header).transaction\n } catch {\n return undefined\n }\n}\n\n/**\n * Create a grant-aware paid `fetch`. Enforces the grant locally before signing\n * any x402 payment, pays with the wallet, and emits a receipt per call.\n */\nexport function yeetful(options: AgentOptions): PayFn {\n const { wallet, grant, onReceipt, onEvent } = options\n const log = onEvent ?? (() => {})\n\n let spentToday = 0\n let spentTotal = 0\n let dayIndex = utcDayIndex(Date.now())\n\n // ── Hosted-ledger sync (optional): receipts → POST /api/grants/:id/ledger ──\n const ledgerEndpoint =\n options.apiKey && grant.id\n ? `${(options.ledgerUrl ?? 'https://yeetful.com').replace(/\\/+$/, '')}/api/grants/${grant.id}/ledger`\n : null\n if (options.apiKey && !grant.id) {\n log('hosted-ledger sync disabled: grant.id is not set (use the id of your yeetful.com grant)')\n }\n // A chain (not fire-and-forget) so receipts land in order and flushLedger()\n // can await them; one failed POST is logged and never poisons the chain.\n let ledgerChain: Promise<void> = Promise.resolve()\n const ledgerFetch = options.fetch ?? globalThis.fetch\n const sync = (r: Receipt) => {\n if (!ledgerEndpoint) return\n ledgerChain = ledgerChain\n .then(async () => {\n const res = await ledgerFetch(ledgerEndpoint, {\n method: 'POST',\n headers: {\n 'content-type': 'application/json',\n authorization: `Bearer ${options.apiKey}`,\n },\n body: JSON.stringify({\n host: r.host,\n amountUsd: r.amountUsd,\n ok: r.ok,\n txHash: r.txHash,\n note: r.note,\n }),\n })\n if (!res.ok) log(`ledger sync → ${res.status} for ${r.host}`)\n })\n .catch((err) => {\n log(`ledger sync failed for ${r.host}: ${err instanceof Error ? err.message : err}`)\n })\n }\n\n const emit = (r: Receipt) => {\n sync(r)\n void Promise.resolve(onReceipt?.(r)).catch(() => {})\n }\n const deny = (host: string, code: GrantViolation, msg: string): never => {\n emit({ host, amountUsd: 0, ok: false, note: code, ts: Date.now() })\n log(`✗ ${host} — ${code}: ${msg}`)\n throw new GrantError(code, msg)\n }\n\n const pay = async function pay(\n input: string | URL | Request,\n init: RequestInit = {},\n ): Promise<Response> {\n // Roll the daily budget at UTC midnight.\n const today = utcDayIndex(Date.now())\n if (today !== dayIndex) {\n dayIndex = today\n spentToday = 0\n }\n\n const host = hostOf(input)\n\n // ── Pre-flight policy (no network): status → expiry → allowlist ─────────\n if ((grant.status ?? 'active') === 'revoked') deny(host, 'REVOKED', 'grant is revoked')\n if (Date.now() > expiryMs(grant.expiresAt)) deny(host, 'EXPIRED', 'grant has expired')\n if (!grant.allow.map((h) => h.toLowerCase()).includes(host)) {\n deny(host, 'NOT_ALLOWED', `${host} is not in this grant's allowlist`)\n }\n\n // Price is only known from the 402 challenge — check caps in the hook,\n // which runs after the challenge is parsed and before the payment is signed.\n let pricedUsd = 0\n const client = createPaymentClient({\n wallet,\n fetch: options.fetch,\n allowedNetworks: options.allowedNetworks,\n // Per-call enforcement lives in the hook (not maxAmountAtomic) so an\n // over-cap call surfaces a clean GrantError instead of a filtered no-match.\n onPaymentRequired: (req: PaymentRequirement) => {\n // Version-agnostic price (v2 `amount`, v1 `maxAmountRequired`).\n // Selection already dropped unpriced entries, so this can't be null.\n const price = Number(requirementAtomicAmount(req) ?? 0n) / 1e6\n if (price > grant.perCallUsd) {\n deny(host, 'OVER_PER_CALL', `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`)\n }\n if (spentToday + price > grant.perDayUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentToday + price).toFixed(2)} exceeds today's cap $${grant.perDayUsd}`)\n }\n if (grant.totalUsd != null && spentTotal + price > grant.totalUsd) {\n deny(host, 'BUDGET_EXCEEDED', `$${(spentTotal + price).toFixed(2)} exceeds lifetime cap $${grant.totalUsd}`)\n }\n pricedUsd = price\n return true\n },\n })\n\n let res: Response\n try {\n res = await client(input, init)\n } catch (err) {\n if (err instanceof GrantError) throw err // already denied + receipted\n // A rejection from the underlying client (e.g. no acceptable requirement).\n const note = err instanceof PaymentError ? 'payment-failed' : 'error'\n emit({ host, amountUsd: 0, ok: false, note, ts: Date.now() })\n throw err\n }\n\n // Settled (or a free, non-402 call where pricedUsd stayed 0).\n if (pricedUsd > 0) {\n spentToday += pricedUsd\n spentTotal += pricedUsd\n }\n const txHash = txHashOf(res)\n emit({ host, amountUsd: pricedUsd, ok: true, txHash, note: 'settled', ts: Date.now() })\n log(`✓ ${host} — $${pricedUsd.toFixed(4)} · today $${spentToday.toFixed(2)}/$${grant.perDayUsd}`)\n return res\n } as PayFn\n\n pay.spentTodayUsd = () => spentToday\n pay.remainingTodayUsd = () => Math.max(0, grant.perDayUsd - spentToday)\n pay.spentTotalUsd = () => spentTotal\n pay.flushLedger = () => ledgerChain\n return pay\n}\n"]}
package/dist/agent.d.cts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { WalletClient } from 'viem';
2
- import { X as X402Network } from './types-DzGpKiV3.cjs';
2
+ import { X as X402Network } from './types-DgG0iIOB.cjs';
3
3
 
4
4
  /**
5
5
  * yeetful/agent — the "agent expense account."
package/dist/agent.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { WalletClient } from 'viem';
2
- import { X as X402Network } from './types-DzGpKiV3.js';
2
+ import { X as X402Network } from './types-DgG0iIOB.js';
3
3
 
4
4
  /**
5
5
  * yeetful/agent — the "agent expense account."
package/dist/agent.js CHANGED
@@ -34,7 +34,7 @@ function createPaymentClient(options) {
34
34
  const first = await baseFetch(input, init);
35
35
  if (first.status !== 402) return first;
36
36
  const requirements = await parsePaymentRequired(first);
37
- const requirement = selectRequirement(requirements.accepts, options);
37
+ const requirement = selectRequirement(requirements.accepts ?? [], options);
38
38
  if (!requirement) {
39
39
  throw new PaymentError("No acceptable payment requirement matched client constraints", requirements);
40
40
  }
@@ -42,9 +42,10 @@ function createPaymentClient(options) {
42
42
  const approved = await options.onPaymentRequired(requirement);
43
43
  if (!approved) throw new PaymentError("Payment rejected by user", requirements);
44
44
  }
45
- const payment = await signPayment(options.wallet, requirement);
45
+ const payload = await signExactAuthorization(options.wallet, requirement);
46
+ const header = buildPaymentHeader(requirements, requirement, payload);
46
47
  const headers = new Headers(init.headers);
47
- headers.set("X-PAYMENT", encodePayment(payment));
48
+ headers.set(header.name, header.value);
48
49
  return baseFetch(input, { ...init, headers });
49
50
  };
50
51
  }
@@ -56,22 +57,66 @@ var PaymentError = class extends Error {
56
57
  this.requirements = requirements;
57
58
  }
58
59
  };
60
+ function requirementAtomicAmount(req) {
61
+ const raw = req.amount ?? req.maxAmountRequired;
62
+ if (raw == null) return null;
63
+ try {
64
+ return BigInt(raw);
65
+ } catch {
66
+ return null;
67
+ }
68
+ }
59
69
  async function parsePaymentRequired(res) {
60
70
  try {
61
71
  return await res.clone().json();
62
72
  } catch {
73
+ const header = res.headers.get("payment-required");
74
+ if (header) {
75
+ try {
76
+ return decodePayment(header);
77
+ } catch {
78
+ }
79
+ }
63
80
  throw new PaymentError("402 response did not contain a valid x402 discovery body");
64
81
  }
65
82
  }
66
83
  function selectRequirement(accepts, opts) {
67
- const filtered = accepts.filter((a) => a.scheme === "exact").filter((a) => !opts.allowedNetworks || opts.allowedNetworks.includes(a.network)).filter((a) => !opts.maxAmountAtomic || BigInt(a.maxAmountRequired) <= opts.maxAmountAtomic);
68
- return filtered.sort(
69
- (a, b) => BigInt(a.maxAmountRequired) < BigInt(b.maxAmountRequired) ? -1 : 1
70
- )[0];
84
+ const priced = accepts.filter((a) => a.scheme === "exact").filter((a) => chainIdForNetwork(a.network) !== null).filter(
85
+ (a) => !opts.allowedNetworks || opts.allowedNetworks.some((n) => chainIdForNetwork(n) === chainIdForNetwork(a.network))
86
+ ).map((a) => ({ req: a, amount: requirementAtomicAmount(a) })).filter((e) => e.amount !== null).filter((e) => !opts.maxAmountAtomic || e.amount <= opts.maxAmountAtomic);
87
+ return priced.sort((a, b) => a.amount < b.amount ? -1 : 1)[0]?.req;
88
+ }
89
+ function buildPaymentHeader(challenge, requirement, payload) {
90
+ const version = challenge.x402Version ?? 1;
91
+ if (version >= 2) {
92
+ const envelope = {
93
+ x402Version: version,
94
+ resource: challenge.resource,
95
+ accepted: requirement,
96
+ payload,
97
+ extensions: challenge.extensions ?? {}
98
+ };
99
+ return { name: "PAYMENT-SIGNATURE", value: encodePayment(envelope) };
100
+ }
101
+ const v1 = {
102
+ x402Version: 1,
103
+ scheme: "exact",
104
+ network: requirement.network,
105
+ payload
106
+ };
107
+ return { name: "X-PAYMENT", value: encodePayment(v1) };
71
108
  }
72
- async function signPayment(wallet, requirement) {
109
+ async function signExactAuthorization(wallet, requirement) {
73
110
  const account = wallet.account;
74
111
  if (!account) throw new PaymentError("Wallet has no account attached");
112
+ const value = requirementAtomicAmount(requirement);
113
+ if (value === null) {
114
+ throw new PaymentError("x402 requirement is missing a payment amount");
115
+ }
116
+ const chainId = chainIdForNetwork(requirement.network);
117
+ if (chainId === null) {
118
+ throw new PaymentError(`Unsupported x402 network: ${requirement.network}`);
119
+ }
75
120
  const now = Math.floor(Date.now() / 1e3);
76
121
  const validAfter = BigInt(now - 60);
77
122
  const validBefore = BigInt(now + (requirement.maxTimeoutSeconds ?? 600));
@@ -83,7 +128,7 @@ async function signPayment(wallet, requirement) {
83
128
  domain: {
84
129
  name: tokenName,
85
130
  version: tokenVersion,
86
- chainId: chainIdForNetwork(requirement.network),
131
+ chainId,
87
132
  verifyingContract: requirement.asset
88
133
  },
89
134
  types: {
@@ -100,30 +145,29 @@ async function signPayment(wallet, requirement) {
100
145
  message: {
101
146
  from: account.address,
102
147
  to: requirement.payTo,
103
- value: BigInt(requirement.maxAmountRequired),
148
+ value,
104
149
  validAfter,
105
150
  validBefore,
106
151
  nonce
107
152
  }
108
153
  });
109
154
  return {
110
- x402Version: 1,
111
- scheme: "exact",
112
- network: requirement.network,
113
- payload: {
114
- signature,
115
- authorization: {
116
- from: account.address,
117
- to: requirement.payTo,
118
- value: requirement.maxAmountRequired,
119
- validAfter: validAfter.toString(),
120
- validBefore: validBefore.toString(),
121
- nonce
122
- }
155
+ signature,
156
+ authorization: {
157
+ from: account.address,
158
+ to: requirement.payTo,
159
+ value: value.toString(),
160
+ validAfter: validAfter.toString(),
161
+ validBefore: validBefore.toString(),
162
+ nonce
123
163
  }
124
164
  };
125
165
  }
126
166
  function chainIdForNetwork(network) {
167
+ if (network.startsWith("eip155:")) {
168
+ const id = Number(network.slice("eip155:".length));
169
+ return Number.isInteger(id) && id > 0 ? id : null;
170
+ }
127
171
  switch (network) {
128
172
  case "base":
129
173
  return 8453;
@@ -137,6 +181,8 @@ function chainIdForNetwork(network) {
137
181
  return 42161;
138
182
  case "polygon":
139
183
  return 137;
184
+ default:
185
+ return null;
140
186
  }
141
187
  }
142
188
 
@@ -168,7 +214,7 @@ function hostOf(input) {
168
214
  }
169
215
  }
170
216
  function txHashOf(res) {
171
- const header = res.headers.get("x-payment-response");
217
+ const header = res.headers.get("payment-response") ?? res.headers.get("x-payment-response");
172
218
  if (!header) return void 0;
173
219
  try {
174
220
  return decodePayment(header).transaction;
@@ -241,7 +287,7 @@ function yeetful(options) {
241
287
  // Per-call enforcement lives in the hook (not maxAmountAtomic) so an
242
288
  // over-cap call surfaces a clean GrantError instead of a filtered no-match.
243
289
  onPaymentRequired: (req) => {
244
- const price = Number(req.maxAmountRequired) / 1e6;
290
+ const price = Number(requirementAtomicAmount(req) ?? 0n) / 1e6;
245
291
  if (price > grant.perCallUsd) {
246
292
  deny(host, "OVER_PER_CALL", `$${price.toFixed(4)} exceeds per-call cap $${grant.perCallUsd}`);
247
293
  }