docs: clarify payment identifier request binding#165
Closed
EfeDurmaz16 wants to merge 105 commits into
Closed
Conversation
…-foundation#1912) * feat: refactor coinbase/x402 references to x402-foundation/x402 * fix: format * chore: changeset fragments for typescript, python and go
* chore: version typescript packages * chore: version python package * chore: version go package
…d settle (x402-foundation#1922) Made-with: Cursor
* add self-facilitation example * fix: regenerate examples/typescript lockfile against public npm registry Lockfile had tarball URLs pointing to internal Coinbase Artifactory, causing pnpm install to fail with ENOTFOUND in CI where that host is unreachable.
…on#1917) * Migrate to @signinwithethereum/siwe Migrate the SIWE dependency to the Ethereum Identity Foundation package. package.json now depends on @signinwithethereum/siwe; evm.ts import was updated to import SiweMessage from the new package. Added a changeset describing the migration. (pnpm lock updated to reflect the dependency change.) * Add siwe v4.1.0 entries to pnpm-lock Update examples/typescript/pnpm-lock.yaml to add @signinwithethereum/[email protected] and @signinwithethereum/[email protected]. Adds package resolutions and snapshot entries, registers peerDependencies (ethers and viem marked optional), and removes the older [email protected] entry in the importer. This pins the example project to the siwe v4 parser/runtime and records its dependency graph in the lockfile.
* feat(specs): add Keeta exact scheme * feat(schemes/keeta): add transaction simulation to verification step This adds a few cheap checks to simulate the transaction and catch invalid blocks early on to prevent the server from doing expensive work unnecessarily.
* Update docs/sdk-features.md Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * add fastify --------- Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com> Co-authored-by: Philippe d'Argent <[email protected]>
…n#1967) * feat(bazaar): add MCP resource type support to Go SDK Add MCP tool discovery extensions to the bazaar package, achieving parity with the TypeScript and Python SDKs. Servers can now declare MCP tool discovery extensions alongside HTTP resources, and facilitators can detect and extract them from payment payloads. Co-Authored-By: Claude <[email protected]> * fix: gofmt formatting and gocritic if-else-chain lint Co-Authored-By: Claude <[email protected]> * fix(bazaar): transport enum, doc examples, inline helper, add negative tests - Fix transport schema enum to include both valid values (streamable-http, sse) instead of only the provided value, matching TypeScript SDK behavior - Fix doc.go examples to use bazaar.BAZAAR.Key() instead of bazaar.BAZAAR - Inline createMcpDiscoveryExtension into DeclareMcpDiscoveryExtension - Add negative validation tests for wrong type and empty toolName - Add edge case tests for whitespace-only toolName and invalid transport Co-Authored-By: Claude <[email protected]> * feat(mcp): wire extensions into PaymentWrapper 402 response Add Extensions field to PaymentWrapperConfig and pass it through to the PaymentRequired struct in 402 responses. This brings the MCP payment wrapper to parity with the HTTP middleware's RouteConfig.Extensions support, enabling bazaar discovery extensions in MCP tool responses. - Add Extensions map to PaymentWrapperConfig (types.go) - Set extensions in paymentRequiredResult (server.go) - Add unit tests for extensions present/absent in 402 (server_test.go) - Declare bazaar MCP extension in E2E server (main.go) - Add bazaar extension integration test (mcp_evm_test.go) Co-Authored-By: Claude <[email protected]> * feat(mcp): wire TS extensions into 402 responses + Go integration tests Add extensions support to the TS MCP PaymentWrapperConfig and pass it through to createPaymentRequiredResponse so bazaar discovery metadata appears in 402 responses. Wire the E2E server with declareDiscoveryExtension for the get_weather tool. Add Go mocked-transport integration tests (5 cases) covering the full client↔server payment flow to match TS mcp-payment-flow.test.ts coverage. Co-Authored-By: Claude <[email protected]> * fix: prettier formatting in MCP test files Co-Authored-By: Claude <[email protected]> * fix(bazaar): address PR review feedback from @CarsonRoscoe - Use strings.TrimSpace for toolName validation to reject whitespace-only names - Allow custom transport values through schema validation (only enum for known transports) - Fix whitespace toolName test to assert error instead of success - Remove conditional guard in TS bazaar extension test so assertions always run Co-Authored-By: Claude <[email protected]> * fix(bazaar): allow custom transport values in TS to match Go behavior Widen transport type from "streamable-http" | "sse" to string, and only apply enum constraint in schema for known transport values. This matches the Go-side fix so custom transports pass validation in both languages. Co-Authored-By: Claude <[email protected]> --------- Co-authored-by: Claude <[email protected]>
…d networks support for Typescript (x402-foundation#1560) * Migrate all code from branch-algorand-v2-typescript-algokit * Update format and lint pass on core and examples * Reformat template files * Update: Coinbase review changes applied * Fix Paywall builder pattern * Update: Reverted e2e/legacy, Remove: src/exact/v1 and src/v1 * Add Faucets URLs to AVM README * Optimizing and shrinking PR * Remove dead import * Add optimization changes related unit tests * Update coinbase review changes applied * Update avm e2e, rebased to latest, linted and formatted * Fix avm template format * Remove python and Go AVM templates, Made AVM optional to facilitator and Add SERVER_ADDRESS * Lint and format * Update: made AVM optional in proxy.ts * Rebased and Replayed some commits * Reset e2e pnpm-lock.yaml * Replayed correct updated lockfiles * Reverted accidentally overwritten files during rebase replay * Revert accidental overwritten files in examples
…rdcoding USDC (x402-foundation#1973) The EVM paywall hardcodes "USDC" as the token label in all display text. The payment requirements already carry the token name in extra.name (populated by the server from the default asset registry), but the paywall ignores it. Read extra.name from the first payment requirement and use it for all user-facing token text. Falls back to "USDC" when extra.name is absent (backward compatible with EIP-3009 tokens). 5 display strings updated: - Header: "please pay $X {tokenName}" (was "USDC") - Testnet prompt: "Need {tokenName} on {chainName}?" (was "USDC") - Balance: "$X {tokenName}" (was "USDC") - Amount row: "$X {tokenName}" (was "USDC") - Error: "Make sure you have {tokenName} on {chainName}" (was "USDC") Regenerated Go, Python, and TS paywall templates.
…ME (x402-foundation#1998) The Go EVM mechanism README (introduced in x402-foundation#1983) listed only 4 chains under "Networks with default assets configured": - Base Mainnet, Base Sepolia, MegaETH Mainnet, Monad Mainnet But `go/mechanisms/evm/constants.go` configures 10, and the main docs table at `docs/core-concepts/network-and-token-support.mdx` lists all 10. Restore parity with the constants and the main docs table, in the same order as the mdx table: - Base, Base Sepolia, Polygon, Arbitrum One, Arbitrum Sepolia, Monad, Stable, Stable Testnet, MegaETH, Mezo Testnet All entries verified against `NetworkConfigs` in `go/mechanisms/evm/constants.go`. Follow-up to x402-foundation#1983 which introduced this README.
…ion#1780) - 19 mainnets across 7 blockchain families (EVM, Solana, Sui, Fogo, NEAR, Stellar, Algorand) - 5 stablecoins: USDC, EURC, USDT, AUSD, PYUSD - Schemes: exact, commerce, upto - ERC-8004 reputation integration - Production endpoint: https://facilitator.ultravioletadao.xyz Co-authored-by: 0xultravioleta <[email protected]> Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
…ndation#2013) All direct viem dependencies now resolve to 2.47.12, adding chain definitions for Mezo Testnet (31611), MegaETH (4326), Stable (988/2201), and others that were missing from earlier locked versions. Lockfile-only change. No package.json range changes — all existing ^2.x ranges already accept 2.47.12.
…tion#1688) Implement the spec change from PR x402-foundation#1682, adding optional seller-defined memo support to the SVM exact scheme across all three SDKs. Client changes (TypeScript, Go, Python - both v1 and v2): - When extra.memo is present, use its UTF-8 value as memo instruction data - When absent, fall back to existing random 16-byte nonce behavior - Validate memo does not exceed MAX_MEMO_BYTES (256) limit Facilitator changes (TypeScript, Go, Python - both v1 and v2): - When extra.memo is present in requirements, verify exactly one memo instruction exists and its data matches the expected value - Return specific error codes: memo_count / memo_mismatch Constants added: - MAX_MEMO_BYTES / MaxMemoBytes (256) across all languages - ERR_MEMO_MISMATCH, ERR_MEMO_COUNT (Python/Go) - ErrMemoExceedsMaxSize (Go client) Tests added: - TypeScript: 4 memo tests in duplicateTx.test.ts - Go: TestSellerMemo with 4 subtests in duplicate_tx_test.go - Python: TestSellerMemo class with 4 tests in test_duplicate_tx.py Closes x402-foundation#1682
* fix workspace settings * fix avm/fastify changelogs * chore: version typescript packages
* remove old changesets * chore(go): release v2.9.0
* Update docs/core-concepts/network-and-token-support.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/core-concepts/network-and-token-support.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-buyers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-buyers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-buyers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/getting-started/quickstart-for-sellers.mdx Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/sdk-features.md Generated-By: mintlify-agent Mintlify-Source: dashboard-editor * Update docs/sdk-features.md Generated-By: mintlify-agent Mintlify-Source: dashboard-editor --------- Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* remove legacy examples * add deprecation note
* feat: add Polygon facilitator to ecosystem Adds production-grade x402 facilitator for Polygon networks. - URL: https://x402.polygon.technology - Networks: polygon, polygon-amoy - Schemes: exact - Assets: EIP-3009 - Capabilities: verify, settle * feat: replace polygon logo with rounded icon * feat: update polygon facilitator with docs URL
* chore: version typescript packages * fix format
* Add Writing hub and batch settlement blog post * style(site): format tsconfig.json with Prettier
…on#2269)" (x402-foundation#2270) This reverts commit 973de09.
* add batch-settlement blog post * add img
* Create TSC.md Create TSC.md outlining the technical steering committee members as outlined by the x402 foundation charter. * Fix spelling --------- Co-authored-by: Erik <[email protected]>
* Add escrow scheme specification Introduces the `escrow` scheme for x402, built on Base's Commerce Payments Protocol. Supports two settlement paths: authorize (funds held in escrow) and charge (direct to receiver), both refundable post-settlement. Refs: x402-foundation#834, x402-foundation#1011 Co-Authored-By: Claude Opus 4.6 <[email protected]> * Address review feedback on escrow scheme specs - Generalize scheme_escrow.md to be network-agnostic - Tighten verification: strict amount equality, tokenCollector recipient check, settlement simulation - Add error codes section and assetTransferMethod note - Simplify nonce derivation explanation * Rename scheme to commerce and align spec with implementation - Rename escrow → commerce per reviewer feedback - Add expiry fields to PaymentRequirements example - Align expiry field descriptions and example values Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * spec: rename escrow/commerce scheme to authCapture, add EVM payload schema Renames the scheme directory from commerce/ to authCapture/ and rewrites the EVM spec to cover both ERC-3009 and Permit2 payment-collector paths. Key spec additions: - extra field schema (captureAuthorizer, captureDeadline, refundDeadline, feeRecipient, min/maxFeeBps, autoCapture, assetTransferMethod) - Wire format + EIP-712 derivation tables for ERC-3009 and Permit2 - Spec -> on-chain PaymentInfo field mapping (preserves canonical Solidity names so EIP-712 typehash matches the AuthCaptureEscrow contract) - Universal contract addresses block (CREATE2-deterministic) - Verification step list aligned with facilitator implementation: preApprovalExpiry <= captureDeadline <= refundDeadline (>= allowed, matching contract _validatePayment) * spec: use canonical base/commerce-payments addresses Defer to the live deployment from base/[email protected] instead of redeploying via CREATE2. Drop the now-obsolete inline address tables and salt-scheme paragraph; the Canonical Addresses annex now links to the upstream release notes (and Uniswap deployments docs for Permit2), matching scheme_exact_evm.md's third-party 'Canonical Permit2' annex pattern. --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
…402-foundation#2278) The Permit2 erc20-approval client was hardcoding 1_000_000_000 / 100_000_000 as gas fee fallbacks. TypeScript already exposes these as DEFAULT_MAX_FEE_PER_GAS / DEFAULT_MAX_PRIORITY_FEE_PER_GAS in evm/constants; add the matching Python constants and use them. No behavior change. Also adds the first unit tests for sign_erc20_approval_transaction covering the fallback and successful estimate paths.
* add --ignore-scripts * update to pnpm 11 and node 22 * align dep * fix axios headers * pin workflow actions * fix paywall * remove cache from publishing * add hedera publishing * remove e2e workflow * increase minminimumReleaseAge to 3days
* fix uv build * exclude-newer = 3 days
🟡 Heimdall Review Status
|
github-actions
Bot
added
typescript
go
java
sdk
legacy
examples
specs
docs
website
ci
ecosystem
python
labels
Author
|
Closing this duplicate because it targeted the stale coinbase/x402 mirror and shows conflicts there. The mergeable PR against the active foundation repo is x402-foundation#2307. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
The payment identifier extension is an important idempotency surface. In production, using the identifier alone as the storage key can accidentally reuse a cached result across distinct paid operations if the same backend handles multiple resources or tenants. Binding the identifier to a request/payment fingerprint makes replay handling clearer without changing the extension wire format.
Verification
git diff --check main...HEAD