pull in latest upstream #2
Open
TtheBC01 wants to merge 624 commits into
* Add @x402/stellar mechanism package with exact scheme
  Implement Stellar support for the x402 protocol covering:
  - Types, constants (network IDs, USDC contracts), and utility functions
  - Ed25519 signer with client/facilitator variants
  - Soroban transaction simulation and auth entry handling
  - Client: builds transfer calls, signs auth entries, serializes XDR
  - Server: parses prices, enhances payment requirements
  - Facilitator: verify (structure, amounts, signatures, events) and settle (fee sponsorship, multi-signer round-robin, submission)
* Add unit tests for the Stellar mechanism
  Cover signer, constants, utils, shared helpers, client/server scheme logic, and facilitator verify/settle/getExtra flows. 150 tests across 9 test files.
* Add integration tests for Stellar exact scheme
  End-to-end flows against Stellar testnet covering both the core x402Client/Server/Facilitator and the HTTP middleware variants. Includes resilience to testnet resets via automatic re-funding.
* Add Stellar README and cross-reference from evm/svm
  Document the package API, usage examples, fee sponsorship model, and multi-signer facilitator setup. Link back from evm and svm.
* Wire up Stellar in the advanced examples
  Register Stellar client/server/facilitator schemes alongside EVM and SVM in the all_networks examples. Guarded by env var presence so existing setups keep working without Stellar credentials.
* Document Stellar setup in the advanced example READMEs
  Add STELLAR_PRIVATE_KEY / STELLAR_ADDRESS env vars to .env-local templates and update the example READMEs with Stellar usage notes.
* Add Stellar to the e2e test suite
  Extend the test framework with Stellar network support, add protected-stellar endpoints to express/hono/next servers, register Stellar signers in axios/fetch clients and the TS facilitator. Includes test configs, lockfile, and the Stellar family in the test runner. All 8 server×client combos pass against testnet.
* Update e2e docs with Stellar setup and trustline instructions
  Add STELLAR env vars to .env-local templates, document the Stellar testnet account setup process (keypair, USDC trustline, faucet), and update all server/client/facilitator READMEs.
* Add npm publish workflow for @x402/stellar
  Manual-dispatch GitHub Actions workflow to publish the Stellar package to npm with provenance, matching the pattern used by the other mechanism packages.
* Add CHANGELOG for @x402/stellar v2.5.0
* py fix for 1176
* fix settle response body
* same for go/py
* fix format
* fix(stellar): include feeBumpSigner in getSigners response
  The /facilitator/supported endpoint was not returning the feeBumpSigner address alongside regular signer addresses. This meant clients couldn't discover the fee bump signer via the supported endpoint. getSigners() now appends the feeBumpSigner address when configured, with a guard to prevent duplicates if it's also a regular signer.
* refactor(stellar): unify getExtra and getSigners tests into facilitator-accessors
  Merge facilitator-getExtra.test.ts and facilitator-getSigners.test.ts into a single facilitator-accessors.test.ts, eliminating duplicate imports, mocks, and setup.
* fix: add duplicate settlement mitigation for SVM across all SDKs
  Introduce an in-memory SettlementCache to prevent a race condition on Solana where the same payment transaction could be settled multiple times before on-chain confirmation. The cache is shared across V1 and V2 facilitator schemes so that cross-version duplicates are caught.
  - Add SettlementCache with 120s TTL in TypeScript, Python, and Go
  - Integrate cache check into facilitator settle paths (V1 and V2)
  - Add unit tests for duplicate detection in all three languages
  - Share cache across V1/V2 in Go facilitator example
  - Add duplicate settlement spec to scheme_exact_svm.md
  - Document SettlementCache in SVM READMEs for all three SDKs
  - Document the race condition in go/FACILITATOR.md Security section
  - Add merchant-facing guidance in docs/core-concepts/client-server.md and docs/core-concepts/facilitator.md for self-settling servers
  - Fix JSDoc lint errors in TypeScript settlement-cache.ts
* refactor: optimize SettlementCache prune with early break on ordered entries
  Leverage insertion-order guarantees of Map (TS) and dict (Python) to break early once a non-expired entry is encountered, avoiding a full scan of the cache on every isDuplicate call. Go is left unchanged since map iteration order is not guaranteed.
  Also adds prune-specific unit tests for all three SDKs covering:
  - mixed expired/fresh entries
  - all expired
  - none expired
  - insertion-order early-break correctness (Python)
* docs: add changelog entries for SVM duplicate settlement fix
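A minimal in-memory cache of the kind the commit above describes, written here as an added example; it is not the project's SettlementCache. It keeps a 120 s TTL, an isDuplicate check that records the key on first sight, and a prune that relies on Map insertion order to stop at the first non-expired entry. The injectable clock, the settleOnce wrapper and the result shape are assumptions made for the example.

```javascript
// Added example (not x402's own code): duplicate-settlement guard with a TTL
// and an early-break prune over an insertion-ordered Map.

class SettlementCache {
  // ttlMs: how long a key counts as "recently settled".
  // now:   injectable clock (assumption for testability); must be monotonic,
  //        otherwise the insertion-order early break below is not valid.
  constructor(ttlMs = 120000, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.entries = new Map(); // key -> timestamp at which it was recorded
  }

  // Drop expired entries from the front of the Map. Entries are appended in
  // time order, so the first fresh entry implies every later one is fresh too
  // and the scan can stop instead of walking the whole cache.
  prune() {
    const cutoff = this.now() - this.ttlMs;
    for (const [key, seenAt] of this.entries) {
      if (seenAt > cutoff) break;
      this.entries.delete(key); // deleting during Map iteration is well-defined
    }
  }

  // True if the key was already seen within the TTL; otherwise record it and
  // return false. Check-and-record happens in one synchronous step, so two
  // concurrent settle calls for the same key cannot both observe "not seen".
  isDuplicate(key) {
    this.prune();
    if (this.entries.has(key)) return true;
    this.entries.set(key, this.now());
    return false;
  }

  get size() {
    return this.entries.size;
  }
}

// Wrap a settle function so a transaction id is only settled once per TTL
// window. settleFn and the result shape are hypothetical.
function settleOnce(cache, txId, settleFn) {
  if (cache.isDuplicate(txId)) {
    return { success: false, errorReason: "duplicate_settlement" };
  }
  return settleFn(txId);
}
```

With a real clock the prune cost is proportional only to the number of expired entries at the head of the Map, which is the property the refactor commit is after.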
* fix stellar e2e config
* fix stellar next e2e
* updated changeset
* chore: version typescript packages
* updated changelogs
…or (#1529)
Adds 0xArchive as an x402 facilitator supporting HyperEVM (eip155:999) and Base (eip155:8453). Fee-free USDC settlement via EIP-3009.
- Website: https://0xarchive.io
- Facilitator: https://facilitator.0xarchive.io
- Networks: HyperEVM, Base
- Scheme: exact
- Assets: EIP-3009 (USDC)
…arch/RAG) (#1483)
* Add files via upload
* Update metadata.json
* Add ActionGate to x402 Ecosystem
  # Add ActionGate to x402 Ecosystem
  ## Summary
  Adds ActionGate to the x402 ecosystem under `Services/Endpoints`.
  ## Files Added
  - `typescript/site/app/ecosystem/partners-data/actiongate/metadata.json`
  ## Why this belongs
  - ActionGate serves paid production endpoints using x402 V2 headers:
    - `PAYMENT-REQUIRED`
    - `PAYMENT-SIGNATURE`
    - `PAYMENT-RESPONSE`
  - Includes public API contract and SDKs for integration.
  ## Validation
  - Confirmed `metadata.json` schema aligns with existing partner entries.
  - Confirmed category is one of accepted categories: `Services/Endpoints`.
  ## Notes for reviewers
  - Endpoint docs and implementation references:
    - OpenAPI: `https://api.actiongate.xyz/docs/openapi-v1.yaml`
    - API quickstart: `https://api.actiongate.xyz/docs`
* added actiongate logo
Adds Robtex network intelligence service to the ecosystem directory under Services/Endpoints. 50+ x402-enabled API endpoints on Base mainnet (USDC) for DNS, IP, BGP, threat intel, and Lightning data.
…#1480)
* Add files via upload
* Add metadata for Soundside partner
Security scanning API for AI agents detecting prompt injection, intent drift, and credential exfiltration. Pay-per-scan on Base. Co-authored-by: Fard Johnmar <[email protected]>
* feat: improve typescript implementation
* feat: improve go implementation
* feat: update examples
* chore: update e2e clients
* feat: improve typescript sdk for permit2 & gas sponsoring extensions
* feat: improve go sdk for permit2 & gas sponsoring extensions
* feat: update e2e tests accordingly
* fix: lock/format/lint
* chore: added changelog fragments
* fix: x402.org usage of permit2 extensions
* feat: pr feedback
* Update docs/sdk-features.md
  Generated-By: mintlify-agent
* Update docs/getting-started/quickstart-for-buyers.mdx
  Generated-By: mintlify-agent
* Update docs/getting-started/quickstart-for-buyers.mdx
  Generated-By: mintlify-agent
* Update docs/getting-started/quickstart-for-buyers.mdx
  Generated-By: mintlify-agent
* Update docs/core-concepts/network-and-token-support.mdx
  Generated-By: mintlify-agent
* Update docs/core-concepts/network-and-token-support.mdx
  Generated-By: mintlify-agent
* Update docs/core-concepts/network-and-token-support.mdx
  Generated-By: mintlify-agent
* Update docs/core-concepts/network-and-token-support.mdx
  Generated-By: mintlify-agent
---------
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
Cognitive infrastructure service for AI agents — semantic deduplication, novelty detection, and belief consistency checking. Accepts x402 USDC micropayments on Base. Co-authored-by: Claude Opus 4.6 <[email protected]>
AskClaude is a pay-per-question Claude AI service using x402. Supports Haiku ($0.01), Sonnet ($0.03), Opus ($0.10) with streaming. No subscription or API key needed. USDC on Base. https://askclaude.shop
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
---------
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* Update docs/advanced-concepts/lifecycle-hooks.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/sdk-features.md
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
---------
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* add checks for 0 settle/refund amounts
* same for go
* specs: add NEAR v2 exact payment scheme spec
* address PR1 comment about height vs time for timeout, how we had payer being returned oddly
* update PaymentRequirements removing extra field, adding max timeout, clarity on when settlement happens
* add clarity about yoctoNEAR deposit and access key verification, and how it applies with delegate actions and proactively added Duplicate Settlement Mitigation section
* clarify the attached deposit in metatxs for both native transfer and ft_transfer/ft_transfer_call
* improve "Token Transfer Intent and Exactness" about what's prepaid by client and relayer
* add section "Implementing Verification with NEAR RPC"
* wrap up details on facilitator sponsorship, vulnerability and mitigation sections
…dev framing (#2160)
Address forensic review-quorum findings and conform SVM paywall to upstream pattern:
- Drop dead solana:TESTNET FAUCET_URLS entry (Circle faucet does not dispense USDC on Solana Testnet; Option B renders "No faucet configured." for any unmapped chain).
- Revert all Solana Testnet recognition added by prior refactor pass (SOLANA_NETWORK_REFS.TESTNET constant, getNetworkDisplayName branch, isTestnetNetwork OR-branch). The paywall now recognizes one non-mainnet SVM network — Devnet — matching upstream/main. No SVM dev expects paywall Testnet support; upstream doesn't provide it.
- Unify "Need {tokenName} on {chainName}?" copy in SolanaPaywall and AvmPaywall payment-required headers (were hardcoded "USDC"; matches EvmPaywall).
Closes #2159
The custom client example referenced process.env.SERVER_URL (undefined in .env-local) and hardcoded /weather, silently falling back to the localhost default. Align with the canonical pattern used by the fetch and axios client examples.
Generated-By: mintlify-agent
Mintlify-Source: dashboard-editor
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
The MCP payment wrappers in server_sync.py and server_async.py called facilitator.settle() but never branched on settle_result.success before returning the wrapped tool's output. A signed EIP-3009 authorization could be replayed indefinitely: verify passed each time, the tool ran, settle returned success=False with AuthorizationAlreadyUsed, and the wrapper returned the tool output stamped with the failed settlement response in _meta.

Mirror the success check from the non-MCP path in server.py and route to the existing _create_settlement_failed_result_{sync,async} helpers on failure. Add regression tests covering the success=False branch (distinct from the existing exception-path test) and assert that on_after_settlement does not fire on failure.

Also fix a stale signature on the test mock's _create_payment_required_response_real that was missing the extensions parameter, which had been masking other test failures.
…2352)
* add ERC-6492 unwrapping
* same for py/go
* add changeset
* fix tvm e2e config
* fix smart wallet signatures and filestorage bundling
* same for redis
* changeset
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
---------
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* add skip and skipHandler return primitives to resource server hooks
* add onVerifiedPaymentCanceled/cancelDispatcher/onProtectedRequest hooks
* add client hooks onPaymentResponse and onPaymentRequired
* add extension 402/settlement enrichment hooks and policy
* wire scheme and extension lifecycle hook adapters
* add changelog
Generated-By: mintlify-agent
Mintlify-Source: dashboard-editor
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
Align the auth-capture scheme name with the new spec folder and file naming.
Co-authored-by: Cursor <[email protected]>
* add siwx extension
* add changelog
* Update docs/sdk-features.md
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/extensions/sign-in-with-x.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
---------
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
normalizePath called decodeURIComponent on the request path before matching it against compiled route regexes. Express, Fastify, Hono, and Next all dispatch on the raw, undecoded path, so a request like /api/report/a%2Fb is routed to /api/report/:id by the framework but the middleware decoded it to /api/report/a/b — three segments — and the :param regex ([^/]+) failed to match, returning no-payment-required. The protected handler then ran without payment.

Decode percent-escapes per segment, treating %2F/%2f/%5C/%5c as opaque tokens that survive normalization. This preserves segment count for the route regex while still decoding everything else, so existing route patterns that contain literal non-ASCII characters continue to match their percent-encoded request paths.

Add regression tests covering encoded slash (both cases), encoded backslash (both cases), and a non-ASCII pattern as a guard against the simpler "drop decoding entirely" approach.
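The segment-preserving decode this commit describes, shown as an added example that is not the PR's or x402's own middleware code. The route compiler maps :param to ([^/]+) as the message states; the function names, the protected route list and the request paths are constructed for illustration, and the naive variant is kept beside the fixed one so the segment-count mismatch is visible.

```javascript
// Added example (not x402's own code): why decoding the whole request path
// before route matching lets an encoded slash change the segment count, and
// the per-segment decode that keeps %2F/%2f/%5C/%5c opaque.

// Compile an Express-style pattern ("/api/report/:id") into a regex whose
// :param captures exactly one path segment, as the commit describes.
function compileRoute(pattern) {
  const source = pattern
    .split("/")
    .map((seg) =>
      seg.startsWith(":")
        ? "([^/]+)"
        : seg.replace(/[.*+?^${}()|[\]\\]/g, "\\$&") // escape literal segments
    )
    .join("/");
  return new RegExp("^" + source + "$");
}

// Vulnerable variant: decodes the entire path, so "a%2Fb" becomes "a/b" and
// the middleware sees a different segment count than the framework routed on.
function normalizePathNaive(path) {
  return decodeURIComponent(path);
}

// decodeURIComponent throws on malformed escapes; leave such pieces untouched
// so a bad escape cannot turn into an exception in the middleware.
function safeDecode(piece) {
  try {
    return decodeURIComponent(piece);
  } catch {
    return piece;
  }
}

// Fixed variant: decode within each segment, but keep encoded slash and
// backslash (either case) as opaque tokens so segment boundaries survive.
function normalizePathSafe(path) {
  return path
    .split("/")
    .map((seg) =>
      seg
        .split(/(%2[fF]|%5[cC])/) // capturing group keeps the tokens at odd indices
        .map((piece, i) => (i % 2 === 1 ? piece : safeDecode(piece)))
        .join("")
    )
    .join("/");
}

// Return the protected pattern a request path matches, or null for
// "no payment required" (the outcome the bug produced for the bypass path).
function matchProtectedRoute(routes, path, normalize) {
  const normalized = normalize(path);
  for (const pattern of routes) {
    if (compileRoute(pattern).test(normalized)) return pattern;
  }
  return null;
}

// Constructed sample routes: a :param route and a literal non-ASCII route.
const PROTECTED = ["/api/report/:id", "/api/caf\u00e9"];
```

Running both normalizers over /api/report/a%2Fb shows the difference: the naive one yields /api/report/a/b and matches nothing, the per-segment one leaves the encoded slash in place and still hits /api/report/:id, while /api/caf%C3%A9 continues to match the non-ASCII pattern.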
#2373)
The legacy x402 paywall embeds payment configuration into the page via `window.x402 = {json.dumps(x402_config)};` inside a <script> block. json.dumps does not escape <, >, or &, so a `</script>` sequence inside any string field closes the script tag and lets an attacker run arbitrary JavaScript on the merchant's origin. The resource field is populated from `str(request.url)` in the FastAPI and Flask middleware, so a victim who follows a crafted link is sufficient to trigger the XSS.

Add a private `_htmlsafe_json_dumps` mirroring the helper that already exists in the v2 (non-legacy) tree at python/x402/http/utils.py: escape <, >, & to their \\uXXXX forms after json.dumps. Use it for the inline-script payload.

Add regression tests that drive `inject_payment_data` with payloads containing `</script>`, raw <, >, &, and assert that none of those characters appear inside the inline script body and that the escaped JSON still parses back to the original values.
The fallback HTML served when @x402/paywall is not installed interpolated request- and config-derived strings into HTML attributes and body text without escaping. The most direct attack: paymentRequired.resource.url is sourced from adapter.getUrl(), which returns the raw request URL. An apostrophe in that URL broke out of the single-quoted data-requirements attribute and could inject event handlers (e.g. onfocus/autofocus). The same template also rendered resource.url as raw HTML body text and relied on JSON.stringify to be HTML-safe (it is not).

Per-site HTML escaping would close the immediate bug but leaves the template load-bearing on developer discipline forever, plus residual surface for javascript:/data: URLs in paywallConfig.appLogo and any future interpolation that forgets to escape. Replace the entire fallback body with a static template that contains zero interpolation. Programmatic clients still get the payment requirements via the 402 status, response headers, and JSON body (unchanged); browser-based payment requires installing @x402/paywall, which the page tells the developer to do.

Add regression tests asserting that no portion of the request URL, the paywallConfig.appName, or the data-requirements attribute survives into the rendered HTML.
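The \uXXXX escaping that the previous commit adds on the Python side, written here in JavaScript as an added example that is not from the PR or the x402 code base; it also makes concrete this commit's remark that JSON.stringify output is not HTML-safe. The function names, the surrounding script markup and the sample configuration are constructed. This only hardens the inline-script context; the attribute and body-text contexts this commit describes are why it dropped interpolation from the fallback template altogether instead of escaping per site.

```javascript
// Added example (not x402's own code): embedding JSON in an inline <script>
// so that no string value can terminate the script element. JSON.stringify
// leaves <, > and & untouched, so a "</script>" inside any field would close
// the tag. Rewriting those three characters as \uXXXX keeps the output valid
// JSON that parses back to exactly the same values.

function htmlSafeJsonStringify(value) {
  return JSON.stringify(value).replace(/[<>&]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Render the kind of inline script the commit describes (window.x402 = ...)
// with the safe serializer. The page structure around it is hypothetical.
function renderInlineScript(config) {
  return "<script>window.x402 = " + htmlSafeJsonStringify(config) + ";</script>";
}

// Regression-style check mirroring the commit's tests: the text between the
// opening and closing script tags must contain none of <, >, &.
function scriptBodyIsSafe(html) {
  const open = "<script>";
  const close = "</script>";
  const body = html.slice(open.length, html.length - close.length);
  return !/[<>&]/.test(body);
}

// Constructed sample configuration: the resource URL carries a tag-closing
// sequence (as a crafted link would), the description has raw & and < >.
const SAMPLE_CONFIG = {
  resource: "https://example.invalid/report?q=</script>not-script-anymore",
  description: "Tom & Jerry <weather>",
  maxAmountRequired: "1000",
};
```

Serialising SAMPLE_CONFIG with the plain JSON.stringify produces a script body containing `</script>`, while the escaped form contains no <, > or & at all and JSON.parse returns the original object unchanged.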
Refresh ecosystem content, card layout, and partner logo assets.
* feat: implement batch-settlement in python sdk
* feat: add unit tests
* feat: add integration tests
* feat: add examples
* feat: add e2e testing support
* feat: cleanup
* feat: cleanup code
* fix: test
* chore: add changeset fragment
* fix: format
* fix: improve examples
* Update docs/sdk-features.md
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
* Update docs/schemes/batch-settlement.mdx
  Generated-By: mintlify-agent
  Mintlify-Source: dashboard-editor
---------
Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* fix batch-settlement extension imports and settlementOverride resolving
* fix async channel manager
* add flask e2e
* exclude-newer = 3 days
* add missing files
* add uv >=0.11.0
* feat(mcp): handle McpError(-32042) for payment challenges
  The MCP TypeScript SDK's McpServer catch block discards error.data for all McpError codes except -32042 (UrlElicitationRequired from SEP-1036). This is the only error code that survives the McpServer round-trip with data intact, as tracked in: modelcontextprotocol/typescript-sdk#774
  MCP servers using McpError(-32042) for payment challenges (per SEP-1036 which explicitly covers payment flows) need x402MCPClient to catch these thrown errors in addition to parsing isError tool results.
  Changes:
  - Add JSONRPC_PAYMENT_REQUIRED_CODE (-32042) constant
  - Update isPaymentRequiredError() to handle both 402 and -32042 codes
  - Add extractPaymentRequiredFromError() to x402MCPClient for extracting PaymentRequired from thrown McpError exceptions
  - Wrap callTool() and getToolPaymentRequirements() with try/catch to handle thrown -32042 errors alongside existing isError result parsing
  - Support both direct error.data and namespaced error.data.x402 formats
  - Add 17 new test cases covering all -32042 paths
* refactor(mcp): reuse isPaymentRequiredError in extraction method
  Eliminate duplicated validation logic in extractPaymentRequiredFromError by using the isPaymentRequiredError() type guard as the gate, then extracting PaymentRequired from the validated error shape. Removes the JSONRPC_PAYMENT_REQUIRED_CODE import from the client module since the code check is now delegated to the type guard.
* style(mcp): fix prettier formatting and JSDoc in -32042 tests
* refactor(mcp): tighten -32042 payment error types and error handling
  - Widen MCPPaymentRequiredError to a discriminated union over { 402, PaymentRequired } | { -32042, PaymentRequired } | { -32042, { x402: PaymentRequired } } so isPaymentRequiredError's predicate matches the values it accepts.
  - Simplify extractPaymentRequiredFromError to narrow via the union and drop the 'as unknown as Record<string, unknown>' escape hatch.
  - Re-throw non-payment errors from getToolPaymentRequirements instead of returning null, mirroring callTool's catch so caller cannot mistake a network/tool failure for a free tool. Updates the corresponding test to assert the throw.
* chore: version typescript packages
* fix hedera
* fix hedera