Commit 17905c8
feat: sync upstream (120 commits) + carry EIP-7966 sync_send patch (#2)
* chore(docs): add x402 protocol specifications and canonical extensions
- Introduced `AGENTS.md` documenting folder structure, update guidelines, and verification checklists for x402 specs.
- Added canonical specs from the upstream x402 repository to `docs/specs/`, including scheme templates, transport templates, and extension specifications (e.g., `bazaar`, `eip2612_gas_sponsoring`, `erc20_gas_sponsoring`).
- Created `CONTRIBUTING.md` with guidelines for proposing and documenting new specifications.
* chore(docs): add E2E test harness implementation plan for x402-rs
- Introduced `test-harness-plan.md` in `plans/` outlining the structure, configuration, and execution flow for comprehensive E2E testing across chains and implementations.
- Detailed test matrix, naming conventions, and phase-based implementation tasks for v1 and v2 protocol scenarios.
- Included setup instructions, CLI commands, and utilities for clients, servers, and facilitators.
* chore(docs): rename E2E test harness plan to protocol compliance plan
- Renamed `e2e/` to `protocol-compliance/` to better align with the scope of protocol compliance testing.
- Updated folder structure, CLI commands, and references throughout the document.
- Revised descriptions to reflect the focus on protocol compliance rather than E2E testing.
* chore(protocol-compliance): initialize protocol compliance test harness
- Added `protocol-compliance/` folder with CLI, utilities, and configuration.
- Introduced `.env.example` for environment variable configuration.
- Implemented initial CLI structure (`src/cli.ts`) to handle test parameters and provide usage examples.
- Created utility modules (`client.ts`, `config.ts`, `facilitator.ts`) for handling protocol, wallet, and facilitator logic.
- Added `justfile` commands for testing, running, and managing dependencies.
- Set up package dependencies and type checking via `package.json` and `pnpm-lock.yaml`.
- Added placeholders for test execution and facilitator startup.
* chore(protocol-compliance): add v2-eip155-exact-rs-rs-rs test and Rust server utilities
- Added `v2-eip155-exact-rs-rs-rs.test.ts` to validate EIP-155 exact protocol with Rust server, client, and facilitator.
- Implemented `startLocalFacilitator()` and `startRustServer()` utilities for test scenarios.
- Updated `.gitignore` to include `test-config.json`.
- Enhanced facilitator and server to spawn and manage Rust processes via `cargo run`.
- Simplified `justfile` test commands for easier execution and maintenance.
- Completed Phase 1 of the v2-eip155-exact-rs-rs-rs scenario in `test-harness-plan.md`.
* fucking AI slop
* chore(protocol-compliance): remove deprecated smoke tests
- Deleted `smoke.test.ts` as it no longer aligns with current testing requirements.
- Updated `test-harness-plan.md` to remove references to the removed test file.
* chore(protocol-compliance): refactor facilitator and server utilities, dependency updates
- Refactored facilitator and server utilities to leverage `ProcessHandle` for improved process management.
- Updated EIP-155 test files to align with refactored utilities.
- Upgraded `@solana/*` dependencies to version `6.0.0`.
- Updated `pnpm-lock.yaml` to reflect dependency changes.
* chore(protocol-compliance): refactor tests and utilities, enhance Rust client and server handling
- Implemented `printLines` utility for consistent console output formatting across processes.
- Enhanced Rust client to dynamically derive endpoints from environment variables.
- Refactored facilitator and server utilities to use URL objects instead of strings for improved type safety.
- Consolidated and streamlined test scenarios for v2 EIP-155 exact compliance.
- Removed Aptos chain references to focus on supported networks.
* chore(protocol-compliance): add `get-port` dependency and use dynamic ports in config
- Introduced `get-port` package to dynamically assign ports for facilitator and server.
- Updated `config.ts` to replace static port assignment with dynamic port resolution.
- Added `get-port` to `package.json` and updated `pnpm-lock.yaml` to reflect the new dependency.
* chore(protocol-compliance): refactor tests and utilities for dynamic port resolution
- Replaced static port assignments with dynamic port resolution using `get-port`.
- Renamed and refactored `RustFacilitatorHandle` and `RustServerHandle` to `RSFacilitatorHandle` and `RSServerHandle` for consistency.
- Consolidated test utilities and removed redundant functionality.
- Simplified EIP-155 exact test scenarios, aligning them with updated facilitator and server utilities.
* chore(protocol-compliance): refactor EIP-155 exact tests and utilities for improved modularity
- Replaced `startLocalFacilitator` and `startRustServer` with `RSFacilitatorHandle` and `RSServerHandle` for consistent process management.
- Updated test cases to use `makeFetch` with dynamic chain-based configurations.
- Removed redundant test scenarios and streamlined endpoint validation using `URL` objects.
- Updated `vitest.config.ts` to align with test execution improvements and removed obsolete dynamic port resolution logic.
* chore(protocol-compliance): streamline EIP-155 exact tests with updated utilities
- Replaced redundant utility calls with `RSFacilitatorHandle` and `RSServerHandle` for consistency.
- Transitioned fetch logic to use `makeFetch` and `URL` for improved readability and modularity.
- Standardized string formatting across test files.
* chore(protocol-compliance): refine test harness plan and utilities
- Added `process-handle.ts` for consistent lifecycle management across Rust binaries.
- Introduced `workspace-root.ts` for centralizing repository root references.
- Updated test-harness documentation to reflect changes in server, client, and facilitator utilities.
- Standardized test scenarios and removed outdated v1 references.
- Improved modularity and design consistency in utility classes (`RSServerHandle`, `RSFacilitatorHandle`, etc.).
* chore(protocol-compliance): add v2-solana-exact-rs-rs-rs test for Rust-based client, server, and facilitator
- Introduced `v2-solana-exact-rs-rs-rs.test.ts` to validate Solana-specific protocol compliance with Rust stack.
- Added test cases for payment header validation and VIP content access.
- Enhanced utilities to support Solana key configuration and endpoint validation.
* chore(protocol-compliance): update EIP-155 tests to await `makeFetch` return value
- Added `await` to `makeFetch` calls in EIP-155 test cases for proper asynchronous behavior.
* chore(protocol-compliance): add Solana v2 exact test and update utilities
- Introduced `v2-solana-exact-rs-ts-rs.test.ts` to validate Solana protocol compliance with Rust client and TS server.
- Updated `client.ts` to support Solana-specific key configuration and environment setup.
- Added `@scure/base` dependency for Solana key management.
- Updated `package.json` and `pnpm-lock.yaml` to reflect dependency changes.
* chore(axum-paygate): enrich accepts with facilitator capabilities and update Solana devnet support
- Added `Paygate::enrich_accepts` to dynamically enhance accepts via facilitator capabilities.
- Replaced `USDC::solana` with `USDC::solana_devnet` for consistency across examples.
- Streamlined `main.rs` endpoint logic for improved readability.
* chore(protocol-compliance): add health check test to v2-solana-exact test suite
- Introduced a test case to verify facilitator health endpoint response.
* chore(protocol-compliance): remove unused client utilities and streamline `makeFetch` logic
- Deleted legacy and commented-out functions, including `createX402Client` and `startRustClient`.
- Refactored `makeFetch` for improved readability and consistency with chain-specific configurations.
* chore(protocol-compliance): add v2-solana-exact-ts-rs-rs test for TS client, Rust server, and Rust facilitator
- Introduced `v2-solana-exact-ts-rs-rs.test.ts` to validate payment header handling and VIP content access.
- Added test cases for facilitator health check, 402 response, and 200 VIP content validation.
- Updated utilities to support Solana-specific configurations.
* chore(protocol-compliance): add v2-solana-exact-ts-ts-rs test for TS client, TS server, and Rust facilitator
- Introduced `v2-solana-exact-ts-ts-rs.test.ts` to validate Solana protocol compliance with TS client, TS server, and Rust facilitator.
- Added test cases for facilitator and server health checks, 402 response validation, and VIP content access.
- Enhanced utilities to support Solana-specific configurations.
* chore(protocol-compliance): migrate configurations and streamline utilities for Solana and Base Sepolia support
- Consolidated environment variables and configurations for Base Sepolia and Solana Devnet usage.
- Replaced wallet-specific keys with chain-specific configurations in tests and utilities.
- Refactored facilitator config generation to use a temp file with runtime key injection.
- Updated test cases for consistency with new config structure.
- Updated dependencies (`@types/tmp`, `tmp`, etc.) and `pnpm-lock.yaml` to reflect changes.
* chore(protocol-compliance): finalize Solana test scenarios and update documentation
- Completed all 4 Solana test scenarios across Rust and TypeScript setups with Rust facilitator.
- Updated `test-harness-plan.md` to reflect completed combinations and added Solana-specific details.
- Enhanced utilities with Solana configuration support for private keys and RPC URLs.
- Standardized test file patterns and lifecycle management for consistency.
* chore(protocol-compliance): cleanup legacy CLI, justfile, and unused test plans
- Removed outdated CLI (`src/cli.ts`) and `justfile` from protocol-compliance.
- Deleted test harness plan and legacy documentation no longer relevant.
- Updated repository structure to reflect current implementation.
* chore(x402-axum): format `accepts` mapping for readability
* chore(protocol-compliance): remove unused facilitator utilities
- Deleted `getSupportedChains` and `isRemoteFacilitator` functions from `facilitator.ts` as they are no longer used.
* chore(protocol-compliance): remove unused `ClientOptions` interface from `client.ts`
* chore(workspace): bump package versions to 1.0.1
* chore(x402-reqwest): update `x402-reqwest` to workspace configuration and bump version to 1.0.1
* chore(x402-chain-eip155): replace `U256` with `TokenAmount` for `value` field: Serialize as decimals
* chore(workspace): bump package versions to 1.1.0
* docs: update for version 1.1.0 with serde bugfix entry
* chore(x402-chain-solana): add support for transaction uniqueness via memo program
- Introduced `build_random_memo_ix` to create memo instructions using the SPL Memo program and prevent duplicate transaction attacks.
- Updated transaction building logic to include memo instructions.
- Renamed `PHANTOM_LIGHTHOUSE_PROGRAM` to `PHANTOM_LIGHTHOUSE_PROGRAM_PUBKEY` for consistency.
- Added `rand` dependency for generating random nonces.
* chore(workspace): bump package versions to 1.1.1
* chore(x402-facilitator-local): add default log level and OpenTelemetry warning flag
- Introduced `default_level` with a default value of `TRACE`.
- Added `otel_warning` flag to toggle warnings when OpenTelemetry is not enabled.
- Updated configuration methods for improved customization: `with_level` and `with_otel_warning`.
- Refactored environment-based log level initialization for clarity.
* chore(workspace): bump package versions to 1.1.2 - mainly for Telemetry updates
* fix: bump package versions to 1.1.3 and update Solana chain client
- Put Solana memo program in the correct place
- Upgraded multiple `@solana` and other dependencies in `pnpm-lock.yaml` to ensure compatibility and support latest features.
* chore(plans): add Permit2 implementation plan for V2 protocol
* wip abis
* chore(abis): replace `x402Permit2Proxy.json` with `X402ExactPermit2Proxy.json` for updated ABI definition
* chore(eip155): add `asset_transfer_method` field with support for `Eip3009` and `Permit2` in token deployments
* chore(eip155): replace `eip712` with `transfer_method` in token deployments and refactor handling of transfer methods
* chore(x402-axum-example): update USDC deployment to use `Permit2` transfer method on /static-price-v2-permit2
* wip
* chore(eip155): add initial scaffolding for `Permit2` support in V2 EIP-155 exact scheme
* chore: refactor payment requirements parsing and normalize `OriginalJson` usage across all chains and clients
* chore(eip155): remove unused debug logging in `verify` method of facilitator logic
* chore(x402-types): rename `TAccepted` to `TPaymentRequirements` in `PaymentPayload` struct for clarity
* chore: refactor payment validation by introducing `assert_accepted_requirements` and update usage across chains
* chore(x402-chain-eip155): implement dummy `Eip3009` and `Permit2` payment verification logic for V2 and refactor facilitator to support both
* chore(x402-chain-eip155): implement dummy `Eip3009` and `Permit2` payment verification logic for V2 and refactor facilitator to support both
* wip
* after merge
* chore(eip155): remove debug print in types.rs and add debug print in permit2.rs
* chore(x402-chain-eip155): refactor error handling and update `assert_enough_value` to take references, add asset validation in `Permit2`
* chore(x402-chain-eip155): add `permit2_types` module with EIP-712 structs and canonical contract addresses for V2 exact scheme
* wip
* chore(x402-chain-eip155): refactor `permit2` payment validation by replacing `assert_valid_payment` with `assert_offchain`
* chore(x402-chain-eip155): remove `permit2_types` module, integrate IERC20 ABI, and extend Permit2 validation with on-chain allowance and balance checks
* chore(x402-chain-eip155): remove `permit2_types` module, integrate IERC20 ABI, and extend Permit2 validation with on-chain allowance and balance checks
* chore(x402-chain-eip155): refactor `ExactEvmPayment` to include `as_signed_message` and replace `SignedMessage::extract` usage
* wip
* chore(x402-chain-eip155): permit2 "exact" verify works
* chore(x402-chain-eip155): implement EIP-6492 and EIP-1271 signature verification in Permit2 validation
* chore(x402-chain-eip155): add offchain constraint verification in `settle_permit2_payment`
* chore(x402-chain-eip155): replace `TokenAmount` with `U256`, refactor decimal serialization, and update Cargo features
* chore(x402-chain-eip155): implement `settle_exact_permit2` and refactor `assert_onchain_valid` for Permit2 payment handling
* chore(x402-chain-eip155): permit2-based transfer seems to work
* chore(protocol-compliance): add `/static-price-v2-permit2` endpoint and integration test for Permit2 "exact" payments
* chore(protocol-compliance): add ERC20 utils, Base Sepolia client integration, and Permit2-based transaction handling with updated tests and refactored payment routes
* feat: add `PRECONDITION_FAILED` status handling for Permit2 payments, refactor status code mapping, and update tests
* test(protocol-compliance): re-enable and update `/static-price-v2-permit2` integration test with balance and allowance validation
* chore(x402-chain-eip155): implement Permit2 signing for client
* chore(x402-chain-eip155): remove unnecessary `.into()` calls for `U256` conversion across facilitator and client modules
* docs(x402-chain-eip155): Update README with Permit2 scheme
* feat(x402-chain-eip155): implement V2 EIP-155 "upto" payment scheme with client and facilitator support for Permit2
* feat(x402-chain-eip155): implement V2 EIP-155 "upto" payment scheme with client and facilitator support for Permit2
* feat(x402-chain-eip155): add Permit2 module and refactor facilitator and client integrations for shared constants and payload structures
* feat(x402-chain-eip155): extract IERC20 bindings to a dedicated module and clean up duplicated code in facilitator integrations
* refactor(x402-chain-eip155): remove duplicate `assert_onchain_allowance` and `assert_onchain_balance` functions by reusing existing definitions in `v2_eip155_exact::permit2`
* chore(x402-chain-eip155): remove unnecessary `clone()` calls on `authorization.from` in Permit2 facilitator
* refactor(x402-chain-eip155): remove `Option` wrapper from `settle_amount` in Permit2 facilitator and update validations accordingly
* refactor(x402-chain-eip155): simplify Permit2 facilitator by consolidating offchain validation logic and eliminating redundant settlement amount checks
* test: add `v2-eip155-exact-rs-rs-rs` test and refactor existing tests with shared `TEST_CONFIG`
* wip
* test: implement Permit2-based payment support in `upto-evm-scheme` and extend tests
- Added `createPaymentPayload` method to handle Permit2 authorization and EIP-712 signing.
- Introduced nonce and timestamp utilities to support Permit2 payload generation.
- Updated tests to validate payment workflows, including allowance and balance checks.
* test: upto seems to work in ts-ts-rs combo
* feat: add WIP support for `v2-eip155-upto` scheme with TS client, TS server, and Rust facilitator
- Introduced `/eip155-upto` endpoint with Permit2-based payment support.
- Implemented `V2Eip155Upto` server module and updated example with dynamic price tags.
- Removed unused `UptoExtra` fields and refactored related data structures.
- Added tests for `v2-eip155-upto-ts-ts-rs` scheme to validate payment flows, including statuses 402 and 412.
* chore: remove `#![cfg_attr(docsrs, feature(doc_auto_cfg))]` and address minor formatting inconsistencies across crates
* chore(protocol-compliance): remove debug logging and update dependencies
* test: unify test timeouts with centralized `TEST_CONFIG`
- Replaced individual timeout configurations in x402 test cases with shared `TEST_CONFIG`.
- Ensured consistent timeout management across all `v2-eip155-exact` test scenarios.
* chore: bump version to 1.2.0 across crates
* chore: bump crate versions to 1.3.0 and update dependencies across the project
* fix: make `description` and `mime_type` in `ResourceInfo` optional as per specs (x402-rs#71)
- Updated `ResourceInfoBuilder` and `ResourceInfo` to use `Option` types for `description` and `mime_type`.
- Adjusted defaults and serialization behavior to handle the optional fields.
- Ensured backward compatibility by providing default values where necessary.
* chore: bump crate versions to 1.3.1 across the project
* feat: support env var references for RPC endpoint URLs
Allow RPC endpoint URLs in EIP-155 and Solana chain configs to be
supplied via environment variable references by changing field types
from `Url` to `LiteralOrEnv<Url>`.
- `x402-chain-eip155`: `RpcConfig::http` changed to `LiteralOrEnv<Url>`
- `x402-chain-solana`: `SolanaChainConfigInner::rpc` and `pubsub`
changed to `LiteralOrEnv<Url>` / `Option<LiteralOrEnv<Url>>`
- `x402-chain-solana`: `SolanaChainConfig::pubsub()` return type
changed from `&Option<Url>` to `Option<&Url>` for idiomatic API
- `x402-types`: implement `Display` for `LiteralOrEnv<T>`
BREAKING CHANGE: `RpcConfig::http`, `SolanaChainConfigInner::rpc`, and
`SolanaChainConfigInner::pubsub` field types have changed. Callers
accessing these fields directly must now dereference via `.deref()` or
`*` to obtain the underlying `Url`. `SolanaChainConfig::pubsub()` now
returns `Option<&Url>` instead of `&Option<Url>`.
* feat: preserve env var name in LiteralOrEnv for round-trip display
Store the original environment variable name alongside the parsed value
in `LiteralOrEnv<T>` so that `Display` can reconstruct the original
`$VAR_NAME` syntax instead of rendering the resolved value.
This enables serialization and logging to reflect the configuration
source rather than the resolved secret, which is useful for diagnostics
and config round-tripping without exposing sensitive values.
* feat: preserve env var name in LiteralOrEnv for round-trip display
Store the original environment variable name alongside the parsed value
in `LiteralOrEnv<T>` so that `Display` can reconstruct the original
`$VAR_NAME` syntax instead of rendering the resolved value.
This enables serialization and logging to reflect the configuration
source rather than the resolved secret, which is useful for diagnostics
and config round-tripping without exposing sensitive values.
* refactor(telemetry): proper telemetry layer initialization
* feat(x402-chain-eip155): enable `traceparent` feature for `alloy-transport-http`
* chore: bump crate versions to 1.4.2 and update changelog
* fix(paygate): validate SettleResponse.success before serving resources
settlement_to_header() serializes the SettleResponse into a payment
header without checking the success field. A facilitator returning
HTTP 200 with { "success": false } causes the paygate to serve the
protected resource despite failed on-chain settlement.
Add validate_settlement() that inspects the success field before
header conversion. Applied to both settle_before_execution and
verify-first paths.
Fail-safe: missing or non-boolean success field is treated as failure.
The errorReason field is extracted when available.
Closes x402-rs#65
* feat(x402-chain-eip155): add EIP-2612 gas sponsoring support for Permit2 payments (x402-rs#77)
* chore: add exact payment scheme and x402 specification documentation
- Introduced `scheme_exact_svm.md`, outlining the exact payment scheme for Solana Virtual Machine (SVM).
- Added `x402-specification-v1.md` for detailed protocol definitions, including payment flows, schemas, and security considerations.
- Enhanced documentation to support implementation and integration of the x402 protocol across diverse environments.
* chore: update x402 specs and templates with clarified descriptions and formatting fixes
- Updated descriptions and metadata in various documentation files to improve clarity and alignment with protocol usage (e.g., `scheme_exact_algo.md`, `scheme_exact_svm.md`).
- Added missing `x402Version` fields in examples across specifications.
- Standardized formatting and corrected minor inconsistencies in tables, schemas, and JSON samples.
- Refined language to better define the scope of extensions (e.g., `bazaar`, `sign-in-with-x`).
* Update exact proxy contract to the current SDK one
* feat: add EIP-2612 gas-sponsoring extension for Permit2-based payments
- Introduced support for the `eip2612GasSponsoring` extension to facilitate gas-sponsored payments.
- Enabled clients to include EIP-2612 permits in their payment payloads, allowing facilitators to atomically call `settleWithPermit`.
- Updated `facilitator_local.rs` and related modules to handle extension extraction, validation, and processing.
- Modified `v2.rs` to include the `extensions` field in payment payloads.
- Advertised `eip2612GasSponsoring` in supported extensions.
* feat(x402-chain-eip155): add `EOASignature` type for improved signature handling
- Introduced `EOASignature` type for structured, ergonomic handling of Ethereum signatures and serialization.
- Implemented `EOASignatureExt` trait to expose `r`, `s`, and `v` components directly for EIP-155 and related operations.
- Replaced manual signature splitting logic with `EOASignature` in EIP-2612 and `Permit2` flows.
* refactor: eliminate duplication in signature and EIP-712 handling for exact/upto schemes
- Introduced `PreparedPermit2` struct for shared Permit2 operations, streamlining data preparation across verify and settle workflows.
- Replaced repetitive EIP-712 domain and signature parsing logic with the new struct in both `exact` and `upto` schemes.
- Removed redundant allocations and ensured cleaner integration with chain providers.
* refactor: consolidate Permit2 settlement logic with a shared execution flow
- Introduced `execute_permit2_settlement` to centralize signature and settlement handling for both `exact` and `upto` schemes.
- Simplified duplicated signature processing in `facilitator/permit2.rs`, streamlining workflows across signature types (EIP-6492, EIP-1271, EOA).
- Added a shared `MetaTransaction::new` constructor for cleaner instantiation and code reuse.
* refactor: extract `Permit2PaymentPayloadExt` for unified EIP-2612 gas sponsoring handling
- Introduced `Permit2PaymentPayloadExt` trait to centralize EIP-2612 gas sponsoring extraction logic, reducing duplication in verification and settlement.
- Replaced repetitive `eip2612` extension parsing logic in `facilitator/permit2.rs` with the new trait.
- Simplified workflows by eliminating redundant calls and flattening nested code paths.
* refactor: simplify EIP-2612 gas-sponsoring extraction and remove outdated handling
- Streamlined `eip2612_gas_sponsoring` extraction in `Permit2PaymentPayloadExt` by removing unnecessary `Result` wrapping.
- Removed outdated `PaymentPayloadExtensions` struct and redundant extraction logic.
- Updated facilitator implementations to use the simplified method, reducing complexity and redundant error handling.
* feat: add facilitator config to support EIP-2612 gas sponsoring
- Introduced `V2Eip155ExactFacilitatorConfig` with support for EIP-2612 gas sponsoring.
- Updated facilitator construction to accept optional configuration for enhanced flexibility.
- Extended `V2Eip155ExactFacilitator` to handle the new config.
* feat: enhance EIP-2612 gas-sponsoring support with configurable validation
- Made `V2Eip155ExactFacilitatorConfig` public for broader usage.
- Added conditional validation and enforcement of `eip2612_gas_sponsoring` based on facilitator configuration.
- Updated `verify_permit2_payment` and `settle_permit2_payment` to reject unsupported EIP-2612 gas-sponsoring attempts.
- Improved `SupportedResponse` to dynamically advertise the `eip2612GasSponsoring` extension based on configuration.
* feat: add `V2Eip155ExactFacilitatorExtra` for dynamic extension support
- Introduced `V2Eip155ExactFacilitatorExtra` to encapsulate additional response metadata.
- Updated `supported` method to dynamically include supported extensions in the response.
- Improved documentation for `V2Eip155ExactFacilitatorConfig` and related structures.
* feat(x402-chain-eip155): add EIP-2612 gas sponsoring support for Permit2 payments
- Added `Permit2PaymentPayloadExt` trait for unified EIP-2612 gas sponsoring handling
- Added new `EOASignature` type for improved signature handling
- Consolidated Permit2 settlement logic with shared execution flow
- Updated `X402ExactPermit2Proxy.json` to current SDK version
- Bumped version to 1.4.3
* Adapts the facilitator for mechanism updates for the Aptos Scheme (x402-rs#73)
* Adapt aptos to scheme updates
* Update facilitator and tests
* refactor: make `resource` fields optional for improved flexibility and consistency (x402-rs#79)
- Updated `ResourceInfo` fields in `paygate.rs`, `v2.rs`, `v2_eip155_exact`, and `v2_solana_exact` to use `Option<ResourceInfo>`.
- Aligned serialization and validation logic to handle optional resources.
- Improved compatibility with use cases requiring absence of resource details.
* chore: bump crate versions to 1.4.4 across the project
* Update changelog for version 1.4.4 with details on optional `resource` fields adjustment
* chore: bump version to 1.4.5
* feat: add `DecimalU256` for decimal string serialization and update `PaymentRequirements` usage
- Introduced `DecimalU256` type to serialize/deserialize `U256` amounts as decimal strings compliant with x402 V2 wire format.
- Updated `PaymentRequirements` to use `DecimalU256` for consistent amount handling.
- Applied `DecimalU256` casting throughout `v2_eip155_exact` modules for compatibility.
- Adjusted header names in `paygate.rs` to align with standard conventions.
- Made `resource` fields in `proto/v2.rs` optional and added default serialization behavior.
* feat(x402-chain-eip155): validate required contract addresses during provider initialization
- Introduced `REQUIRED_CONTRACT_ADDRESSES` constant for essential contract address validation.
- Added `assert_contracts_exists` method to ensure required contracts are deployed with non-empty code during provider setup.
* chore: bump crate versions to 1.4.6
* refactor(x402-facilitator-local): rename `error_reason_details` to `error_message` in scheme handler error
* chore: bump crate versions to 1.4.7
* fix: Added `FacilitatorContract` trait to decouple facilitator implementations from specific request/response types.
- Reorganized long nested method calls for better clarity.
- Enabled default `ProtoContract` support for production usage.
* chore: bump crate versions to 1.4.8
* feat(x402-facilitator-local): implement `AsJsonValue` trait for `FacilitatorLocalError`
- Added `as_json_value` method to convert `FacilitatorLocalError` into `serde_json::Value`.
- Refactored error handling with structured error response types: `VerificationErrorResponse` and `SettlementErrorResponse`.
- Bump crate versions to 1.4.9.
* fix(x402-facilitator-local): update error type for unsupported scheme to `Settlement`
- Adjusted `FacilitatorLocalError` to use `Settlement` instead of `Verification` for unsupported scheme errors.
- Bump crate versions to 1.4.10.
* feat(eip155): add sync_send (EIP-7966) and poll_interval_ms config
Adds two chain-config fields for Monad and other fast-finality EVM chains:
- `poll_interval_ms` (Option<u64>): RPC poll interval override; default
remains 7000ms. Lower values improve latency on chains with sub-second
block times.
- `sync_send` (bool): when true, use `eth_sendRawTransactionSync`
(EIP-7966) to receive transaction receipts in a single RPC call instead
of poll-after-send. Settlement no longer depends on `poll_interval_ms`
or `receipt_timeout_secs` when this is enabled.
Drops the parallel-developed protocol-compliance work from the previous
sync (#1) in favor of upstream's canonical version.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: drop c7275e2 leaks that auto-merged via -X ours
The merge of origin/main with -X ours resolved CONTENT conflicts in our
favor, but auto-applied non-conflicting c7275e2 changes that we don't
want on this branch:
- crates/chains/x402-chain-eip155/src/chain/types.rs: c7275e2 dropped the
closing brace of `impl Serialize for DecimalU256` (compile-broken).
- crates/chains/x402-chain-eip155/src/v2_eip155_exact/client.rs:
c7275e2 removed a `.into()` that upstream's evolved type still requires.
- crates/chains/x402-chain-aptos/src/v2_aptos_exact/facilitator.rs:
cosmetic format!() reflow — revert to stay closer to upstream.
- config.json.example: previously deleted in error; upstream maintains
this as a separate, simpler reference distinct from
facilitator/config.json.example.
Branch now equals upstream/main + the single EIP-7966 commit (4 files,
88 insertions, 24 deletions).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(protocol-compliance): patch vite/rollup CVEs; pin @x402/* to upstream-tested versions
Addresses Semgrep findings on the test-harness lockfile:
- vite: 7.3.1 → 7.3.3 (GHSA-cpgw-w635-mmpx, GHSA-jqfw-vq24-v9c3 — dev
server filesystem read bypass + server.fs.deny bypass)
- rollup: 4.57.1 → 4.60.4 (GHSA-gcx4-mw62-g8wm — path traversal in chunk
name resolution)
Adds pnpm.overrides to keep @x402/* deps at the versions upstream tests
against (2.3.x). Bumping @x402/svm to 2.12.0 would force @x402/evm to a
breaking Permit2Witness API change (witness shape changed: `extra: bytes`
removed, `facilitator: address` added). The protocol-compliance harness
would need real protocol-level rework to absorb that change — out of scope
for this sync.
The @x402/svm vulnerability (GHSA-2vfh-x32f-86qj — Solana payment
signature verification bypass) applies only to facilitator-role usage,
not the client-side usage in our test harness. Tracked separately for an
upstream-aligned SDK upgrade.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(protocol-compliance): note Monad-fork SVM stance + pnpm.overrides rationale
This fork is EVM-only (Monad); Solana/Aptos paths aren't exercised by our
deployment. Documents why @x402/svm is pinned at 2.3.0 via pnpm.overrides:
bumping cascades to a breaking Permit2Witness change in @x402/evm, and
the flagged vuln in @x402/svm is on the facilitator role we don't run.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(protocol-compliance): bump @x402/* to 2.12.x; adopt SDK's native UptoEvmScheme
Properly addresses the @x402/svm GHSA-2vfh-x32f-86qj rather than working
around it. The cascade through @x402/evm@2.12 was previously blocked by
a breaking Permit2Witness change that broke the custom
upto-evm-scheme.ts. Resolution: @x402/evm@2.12 now ships native
UptoEvmScheme classes at @x402/evm/upto/{client,server} that fully
replace the custom 176-line wrapper. Net diff: -1187/+105.
- @x402/svm: 2.3.0 -> 2.12.0 (patches Ed25519 verify bypass)
- @x402/{core,evm,fetch,hono}: 2.3.x -> 2.12.x (co-versioned cascade)
- Drop @x402/* pins from pnpm.overrides; keep vite ^7.3.3 override
- Delete protocol-compliance/src/utils/upto-evm-scheme.ts (obsolete)
- Update client.ts/server.ts to import UptoEvmScheme from @x402/evm/upto
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore: cargo update — clear 10 advisories from production-path transitives
Pure lockfile bump within existing Cargo.toml semver ranges. No source
changes, no Cargo.toml changes. Cleans the most security-relevant
advisories in the audit surface.
Resolved (10 RUSTSEC IDs across 5 crates):
- rustls-webpki 0.103.10 -> 0.103.13 (RUSTSEC-2026-0049/0098/0099/0104:
CRL panic + URI/wildcard name-constraint bypasses)
- aws-lc-sys 0.39.1 -> 0.41.0 (RUSTSEC-2026-0044/0045/0046/0047/0048:
PKCS7 verify bypass, X.509 name-constraint bypass, AES-CCM timing,
CRL scope check, X.509 CN unicode handling)
- rustls 0.23.37 -> 0.23.40 (transitive cascade)
- aws-lc-rs 1.16.2 -> 1.17.0 (transitive cascade)
- webpki-roots 1.0.6 -> 1.0.7 (transitive cascade)
cargo audit summary: 16 vulns + 21 warnings -> 6 vulns + 18 warnings.
Remaining 6 advisories are all reachable only via optional
chain-aptos / chain-solana features — not linked into the production
binary (which builds with --no-default-features --features
chain-eip155,telemetry per the Dockerfile).
Verified: cargo check on x402-types, x402-facilitator-local,
x402-chain-eip155 still passes clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Sergey Ukustov <sergey@ukstv.me>
Co-authored-by: ampactor <obelisk.morgan@proton.me>
Co-authored-by: Jon <jtang17@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent c7275e2 commit 17905c8
24 files changed
Lines changed: 2374 additions & 2661 deletions
File tree
- crates
- chains
- x402-chain-aptos/src/v2_aptos_exact
- x402-chain-eip155/src
- chain
- v2_eip155_exact
- x402-axum/src
- x402-facilitator-local/src
- util
- x402-types/src
- proto
- protocol-compliance
- src/utils
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
9 | | - | |
10 | | - | |
11 | | - | |
12 | | - | |
13 | | - | |
14 | 8 | | |
15 | 9 | | |
16 | 10 | | |
| |||
0 commit comments