[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81130":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":15,"stars30d":15,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":16,"rankGlobal":10,"rankLanguage":10,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":20,"topics":21,"createdAt":10,"pushedAt":10,"updatedAt":29,"readmeContent":30,"aiSummary":31,"trendingCount":15,"starSnapshotCount":15,"syncStatus":32,"lastSyncTime":33,"discoverSource":34},81130,"jup","jerrywang33\u002Fjup","jerrywang33","Risk and settlement for Solana agent payments.","https:\u002F\u002Fjerrywang33.github.io\u002Fjup\u002F",null,"JavaScript",30,3,1,0,41.81,"MIT License",false,"main",true,[22,23,24,25,26,27,28],"agents","ai","defi","jupiter","payments","risk-management","solana","2026-06-12 04:01:32","# jup.sh\n\nRisk and settlement for Solana agent payments.\n\n`jup.sh` is an early side project exploring the intersection of Solana DeFi,\nAI, and payments.\n\nThe idea:\n\n```txt\nAgents pay with any verified token.\nRecipients settle in USDC.\nPolicy decides when humans step in.\n```\n\n## Status\n\nThis repository contains the `jup-sh` 1.0 npm CLI, a static product site, a\nhosted Risk Review prototype, a local Intent API, and a source-only TypeScript\nSDK prototype.\n\nThe 1.0 CLI can execute real Jupiter swaps from the user's machine when the\nuser explicitly provides a local Solana keypair. The hosted review site and\nlocal transaction request server never custody keys.\n\nLive site:\n\n```txt\nhttps:\u002F\u002Fwww.jup.sh\n```\n\nDeveloper docs:\n\n```txt\nhttps:\u002F\u002Fjerrywang33.github.io\u002Fjup\u002F\n```\n\n## Current Version\n\nThe current version is an npm CLI plus static Risk Review prototype:\n\n```txt\ninit\n-> policy trust\u002Fset\n-> payment intent\n-> mock or Jupiter quote\n-> quote-aware policy checks\n-> local intent store\n-> local read-only intent status\u002FAPI\n-> local review approval\u002Frejection state\n-> transaction request runtime gate\n-> transaction request preflight\n-> unavailable receipt scaffold\n-> local intent event log\n-> intent expiry\u002Freplay gate\n-> transaction request token gate\n-> wallet account binding gate\n-> quote freshness gate\n-> real Jupiter swap transaction creation\n-> local keypair signing and RPC submission\n-> confirmed receipt persistence\n-> review URL shortcut\n-> hosted Risk Review page\n```\n\nThe SDK path mirrors the same risk layer:\n\n```txt\ncreate intent\n-> policy profile\n-> trusted recipient check\n-> Jupiter quote estimate\n-> policy explanation\n-> Risk Review URL when needed\n```\n\nThe server path returns unsigned Solana Pay transaction requests for wallet\nauthorization. The CLI path can sign and submit only when a user provides a\nlocal keypair with `jup-sh intent execute`.\n\n## Product Direction\n\n`jup.sh` is designed as a Jupiter-powered risk and settlement layer for Solana\nagent payments.\n\nThe intended flow:\n\n```txt\nagent intent -> policy decision -> Jupiter settlement -> authorize or review\n```\n\nThe default path should be automatic. Human review should appear only when\npolicy or risk signals require it.\n\n## Quickstart\n\nRun the npm CLI:\n\n```bash\nnpx jup-sh init\nnpx jup-sh doctor\n```\n\nThen configure policy and create a payment intent:\n\n```bash\nnpx jup-sh policy trust api.vendor.example\nnpx jup-sh pay --agent deepseek --token SOL --amount 6 --settle USDC --recipient api.vendor.example --json\n```\n\nThe CLI returns a structured local payment intent. Agents should branch on the\nexit code:\n\n```txt\n0 = auto_pay\n2 = review_required\n1 = rejected or command failure\n```\n\nExecution boundary:\n\n```txt\nServer: no signing, no custody, no private keys.\nCLI: signs and submits only with an explicit local keypair.\n```\n\nFor source development, install dependencies:\n\n```bash\nnpm install\n```\n\nShow the default local policy:\n\n```bash\nnpm run cli -- policy show\n```\n\nCreate a local policy file:\n\n```bash\nnpm run cli -- policy init\n```\n\nCreate a payment intent with the default mock quote provider:\n\n```bash\nnpm run cli -- pay --agent deepseek --token SOL --amount 20 --settle USDC\n```\n\nCreate a payment intent with a real Jupiter quote:\n\n```bash\nnpm run cli -- pay --agent deepseek --token SOL --amount 20 --settle USDC --quote-provider jupiter\n```\n\nList saved local intents:\n\n```bash\nnpm run cli -- intent list\n```\n\nExport a saved intent as a Risk Review URL:\n\n```bash\nnpm run cli -- intent export intent_xxx\n```\n\nUse the review shortcut:\n\n```bash\nnpm run cli -- review intent_xxx\n```\n\nShow a saved intent:\n\n```bash\nnpm run cli -- intent show intent_xxx\n```\n\nThe CLI saves generated intents locally:\n\n```txt\n.jup-sh\u002Fintents\u002F\u003Cintent_id>.json\n```\n\n## Current Surface\n\nV1 includes:\n\n- A pay.sh-inspired landing page.\n- A command-first agent payment concept.\n- A Risk Review prototype.\n- A public npm package: `jup-sh`.\n- Real Jupiter swap execution through local `jup-sh intent execute`.\n- A minimal TypeScript SDK prototype in `sdk\u002F`.\n- SDK policy profiles for `sandbox`, `balanced`, and `strict` risk posture.\n- SDK trusted-recipient helper for known API\u002Fvendor destinations.\n- SDK policy decision explanations for agent logs and Risk Review.\n- A static product shell for the current positioning.\n- Changelog in `CHANGELOG.md`.\n- Product notes in `docs\u002Fproduct.md`.\n- Technical architecture and design diagrams in `docs\u002Farchitecture.md`.\n- CLI release plan in `docs\u002Fcli-release-plan.md`.\n- SDK technical design in `docs\u002Fsdk-technical-design.md`.\n- CLI JSON contract in `docs\u002Fcli-json-contract.md`.\n- Agent integration guide in `docs\u002Fagent-integration.md`.\n- npm release checklist history in `docs\u002Fnpm-alpha-release-checklist.md`.\n- 1.0.0 real execution release notes in `docs\u002Freleases\u002F1.0.0.md`.\n- Draft alpha release notes in `docs\u002Freleases\u002F0.1.0-alpha.0.md`.\n- Alpha.1 release notes in `docs\u002Freleases\u002F0.1.0-alpha.1.md`.\n- Alpha.2 npm release notes in `docs\u002Freleases\u002F0.1.0-alpha.2.md`.\n- Alpha.3 init release notes in `docs\u002Freleases\u002F0.1.0-alpha.3.md`.\n- Alpha.4 policy tuning release notes in `docs\u002Freleases\u002F0.1.0-alpha.4.md`.\n- Alpha.5 review shortcut release notes in `docs\u002Freleases\u002F0.1.0-alpha.5.md`.\n- Alpha.6 doctor release notes in `docs\u002Freleases\u002F0.1.0-alpha.6.md`.\n- Alpha.7 review handoff release notes in `docs\u002Freleases\u002F0.1.0-alpha.7.md`.\n- Draft Alpha.8 transaction request skeleton release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.8.md`.\n- Draft Alpha.9 Intent API\u002Fstatus model release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.9.md`.\n- Draft Alpha.10 persisted review decision release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.10.md`.\n- Draft Alpha.11 transaction request runtime gate release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.11.md`.\n- Draft Alpha.12 transaction request preflight release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.12.md`.\n- Draft Alpha.13 receipt scaffold release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.13.md`.\n- Draft Alpha.14 intent event log release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.14.md`.\n- Draft Alpha.15 intent expiry\u002Freplay gate release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.15.md`.\n- Draft Alpha.16 transaction request token gate release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.16.md`.\n- Draft Alpha.17 wallet account binding release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.17.md`.\n- Draft Alpha.18 quote freshness gate release notes in\n  `docs\u002Freleases\u002F0.1.0-alpha.18.md`.\n- GitHub Pages developer docs in `docs\u002F`.\n- Jupiter quote-only design in `docs\u002Fjupiter-quote-design.md`.\n- Risk Review export design in `docs\u002Frisk-review-export-design.md`.\n- Transaction request skeleton design in\n  `docs\u002Ftransaction-request-skeleton-design.md`.\n- X \u002F Twitter content notes in `docs\u002Fx-content.md`.\n\nCurrent npm flow:\n\n```bash\nnpx jup-sh init\nnpx jup-sh doctor\nnpx jup-sh policy trust api.vendor.example\nnpx jup-sh pay --agent deepseek --token SOL --amount 6 --settle USDC --recipient api.vendor.example --json\n```\n\nReview-required shortcut:\n\n```bash\nnpx jup-sh review intent_xxx\n```\n\nSource development command:\n\n```bash\nnpm run cli -- pay --agent deepseek --token SOL --amount 20 --settle USDC\n```\n\nLocal TypeScript SDK example:\n\n```bash\nnpm run sdk:check\nnpm run sdk:smoke\nnpm run sdk:jupiter:live\n```\n\n```ts\nimport { createPaymentIntent } from \".\u002Fsdk\u002Findex.js\";\n\nconst intent = await createPaymentIntent({\n  agent: \"deepseek\",\n  token: \"SOL\",\n  amount: 20,\n  settle: \"USDC\",\n});\n```\n\nSDK Jupiter quote-only provider:\n\n```ts\nimport { createJupiterQuoteProvider, createPaymentIntent } from \".\u002Fsdk\u002Findex.js\";\n\nconst intent = await createPaymentIntent(\n  {\n    agent: \"deepseek\",\n    token: \"SOL\",\n    amount: 20,\n    settle: \"USDC\",\n  },\n  {\n    quoteProvider: createJupiterQuoteProvider(),\n  }\n);\n```\n\n`sdk:jupiter:live` is skipped by default. Set `JUP_SH_LIVE_JUPITER=1` to call\nJupiter's quote API.\n\nSDK Risk Review URL export:\n\n```ts\nimport { createPaymentIntent, createRiskReviewUrl } from \".\u002Fsdk\u002Findex.js\";\n\nconst intent = await createPaymentIntent({\n  agent: \"deepseek\",\n  token: \"SOL\",\n  amount: 20,\n  settle: \"USDC\",\n});\n\nconst reviewUrl = createRiskReviewUrl(intent, {\n  reviewBaseUrl: \"https:\u002F\u002Fwww.jup.sh\",\n});\n```\n\nThis uses the same base64url fragment payload as `jup-sh intent export`.\n\nSDK policy profiles:\n\n```ts\nimport { createPaymentIntent, getPolicyProfile } from \".\u002Fsdk\u002Findex.js\";\n\nconst intent = await createPaymentIntent(\n  {\n    agent: \"deepseek\",\n    token: \"SOL\",\n    amount: 20,\n    settle: \"USDC\",\n  },\n  {\n    policy: getPolicyProfile(\"sandbox\"),\n  }\n);\n```\n\nAvailable profiles are `sandbox`, `balanced`, and `strict`. `balanced` matches\nthe default alpha policy.\n\nTrusted recipient helper:\n\n```ts\nimport {\n  createPaymentIntent,\n  getPolicyProfile,\n  withTrustedRecipients,\n} from \".\u002Fsdk\u002Findex.js\";\n\nconst policy = withTrustedRecipients(getPolicyProfile(\"balanced\"), [\n  \"api.vendor.example\",\n]);\n\nconst intent = await createPaymentIntent(\n  {\n    agent: \"deepseek\",\n    token: \"SOL\",\n    amount: 2,\n    settle: \"USDC\",\n    recipient: \"api.vendor.example\",\n  },\n  { policy }\n);\n```\n\nPolicy decision explanation:\n\n```ts\nimport {\n  createPaymentIntent,\n  explainPolicyDecision,\n  getPolicyProfile,\n} from \".\u002Fsdk\u002Findex.js\";\n\nconst intent = await createPaymentIntent(\n  {\n    agent: \"deepseek\",\n    token: \"SOL\",\n    amount: 20,\n    settle: \"USDC\",\n  },\n  {\n    policy: getPolicyProfile(\"balanced\"),\n  }\n);\n\nconst explanation = explainPolicyDecision(intent);\nconsole.log(explanation.summary);\n```\n\nAlpha wrapper smoke test:\n\n```bash\nnpm run alpha:smoke\n```\n\nAlpha npm package dry run:\n\n```bash\nnpm run alpha:pack\n```\n\nRelease gate:\n\n```bash\nnpm run release:check\n```\n\nJSON output for agents or scripts:\n\n```bash\nnpm run --silent cli:alpha -- pay --agent deepseek --token SOL --amount 20 --settle USDC --json\n```\n\nThe CLI returns a structured local payment intent with:\n\n- `status`: `ready_for_authorization`, `review_required`, or `rejected`.\n- `decision`: `auto_pay`, `review_required`, or `rejected`.\n- `nextAction`: `ready_for_authorization`, `open_review`, or `rejected`.\n- `riskLevel`: `low`, `medium`, or `high`.\n- `policyChecks`: deterministic local checks over intent fields and quote risk.\n- `reviewUrl`: full Risk Review URL with `#intent=` payload when review is\n  required.\n- `reviewCommand`: local CLI shortcut, such as\n  `npx jup-sh review intent_xxx`.\n\nFor `pay`, exit codes are part of the agent contract:\n\n| Exit code | Meaning |\n| --- | --- |\n| `0` | The intent is inside policy and ready for local authorization. |\n| `2` | The intent is valid, but policy requires Risk Review. |\n| `1` | The intent is rejected or the command failed. |\n\nThe default quote provider is `mock`. Use `jupiter` for executable real routing:\n\n```bash\nnpm run cli -- pay --agent deepseek --token SOL --amount 20 --settle USDC --quote-provider jupiter --recipient-token-account \u003CRECIPIENT_USDC_TOKEN_ACCOUNT>\nnpm run cli -- intent execute intent_xxx --keypair ~\u002F.config\u002Fsolana\u002Fid.json --rpc-url https:\u002F\u002Fapi.mainnet-beta.solana.com --json\n```\n\nSet `JUPITER_API_KEY` or pass `--jupiter-api-key` if the Jupiter endpoint\nrequires an API key.\n\nUseful local commands:\n\n```bash\nnpm run cli -- init\nnpm run cli -- policy show\nnpm run cli -- policy show --json\nnpm run cli -- policy init\nnpm run cli -- intent list\nnpm run cli -- intent list --json\nnpm run cli -- intent export intent_xxx\nnpm run cli -- intent export intent_xxx --payload-only\nnpm run cli -- intent show intent_xxx\nnpm run cli -- intent show intent_xxx --json\n```\n\nExample policy override:\n\n```json\n{\n  \"maxAutoSettleUSDC\": 10,\n  \"maxAllowedSettleUSDC\": 250,\n  \"maxPriceImpactBps\": 100,\n  \"reviewHighPriceImpact\": true,\n  \"verifiedTokens\": [\"USDC\", \"SOL\", \"JUP\", \"BONK\"],\n  \"trustedRecipients\": [\"jup-sh-demo\"],\n  \"reviewUnknownRecipients\": true\n}\n```\n\nSave it as `jup.policy.json`, then run:\n\n```bash\nnpm run cli -- pay --agent deepseek --token SOL --amount 2 --settle USDC --recipient jup-sh-demo\n```\n\n## Local Development\n\nInstall dependencies:\n\n```bash\nnpm install\n```\n\nRun locally:\n\n```bash\nnpm run dev\n```\n\nOpen:\n\n```txt\nhttp:\u002F\u002Flocalhost:5173\n```\n\nRun checks:\n\n```bash\nnpm run check\n```\n\n## Roadmap\n\nThe alpha-to-1.0 path is documented in `docs\u002Fcomplete-version-roadmap.md`.\nThe current release notes are in `docs\u002Freleases\u002F1.0.0.md`.\n\n## Disclaimer\n\n`jup.sh` is an independent community-built tool.\n\nIt is not affiliated with, sponsored by, or endorsed by Jupiter Exchange, Solana\nFoundation, or pay.sh.\n\nReferences to Jupiter are about using Jupiter API\u002Frouting as infrastructure.\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","jup.sh 是一个为 Solana 代理支付提供风险管理和结算的工具。它支持代理使用任何验证过的代币进行支付，而接收方则以 USDC 结算，通过策略决定何时需要人工介入。项目采用 JavaScript 编写，提供了 npm CLI、静态产品网站、托管的风险审查原型以及本地意图 API 和 TypeScript SDK 原型。其核心功能包括基于 Jupiter 的实时交易创建、本地密钥对签名及提交、以及根据政策自动或手动审核支付请求。适用于涉及 Solana DeFi、AI 和支付场景中需要增强安全性和灵活性的开发者和企业。",2,"2026-06-11 04:03:38","CREATED_QUERY"]