@agent-score/commerce 1.2.0 → 1.3.0

package/dist/payment/index.js

@@ -23,12 +23,12 @@ __export(payment_exports, {
   SETTLEMENT_OVERRIDES_HEADER: () => SETTLEMENT_OVERRIDES_HEADER,
   USDC: () => USDC,
   X402_SUPPORTED_BASE_NETWORKS: () => X402_SUPPORTED_BASE_NETWORKS,
-  X402_SUPPORTED_SVM_NETWORKS: () => X402_SUPPORTED_SVM_NETWORKS,
   aliasAmountFields: () => aliasAmountFields,
   buildIdempotencyKey: () => buildIdempotencyKey,
   buildPaymentDirective: () => buildPaymentDirective,
   buildPaymentHeaders: () => buildPaymentHeaders,
   buildPaymentRequestBlob: () => buildPaymentRequestBlob,
+  classifyX402SettleResult: () => classifyX402SettleResult,
   createMppxServer: () => createMppxServer,
   createX402Server: () => createX402Server,
   dispatchSettlementByNetwork: () => dispatchSettlementByNetwork,
@@ -141,15 +141,15 @@ var rails = {
     decimals: USDC.base.sepolia.decimals,
     asset: USDC.base.sepolia.address
   },
-  "x402-solana-mainnet": {
-    method: "x402",
+  "mpp-solana-mainnet": {
+    method: "solana",
     network: networks.solana.mainnet.caip2,
     currency: USDC.solana.mainnet.mint,
     decimals: USDC.solana.mainnet.decimals,
     asset: USDC.solana.mainnet.mint
   },
-  "x402-solana-devnet": {
-    method: "x402",
+  "mpp-solana-devnet": {
+    method: "solana",
     network: networks.solana.devnet.caip2,
     currency: USDC.solana.devnet.mint,
     decimals: USDC.solana.devnet.decimals,
@@ -219,11 +219,6 @@ function registerX402SchemesV1V2(server, network, scheme) {
 
 // src/payment/x402_server.ts
 async function createX402Server(opts = {}) {
-  for (const rail of opts.rails ?? []) {
-    if (rail.startsWith("x402-solana") && rail.endsWith("-upto")) {
-      throw new Error(`Rail "${rail}" not supported \u2014 @x402/svm does not ship an upto scheme yet (EVM-only).`);
-    }
-  }
   const x402Core = await dynamicImport("@x402/core/server") ?? null;
   if (!x402Core) {
     throw new Error(
@@ -247,7 +242,6 @@ async function createX402Server(opts = {}) {
   const server = new x402Core.x402ResourceServer(facilitator);
   let evmExactModule = null;
   let evmUptoModule = null;
-  let svmModule = null;
   for (const rail of opts.rails ?? []) {
     const isUpto = rail.endsWith("-upto");
     if (rail.startsWith("x402-base")) {
@@ -266,13 +260,6 @@ async function createX402Server(opts = {}) {
         }
         registerX402SchemesV1V2(server, network, new evmExactModule.ExactEvmScheme());
       }
-    } else if (rail.startsWith("x402-solana")) {
-      svmModule ??= await dynamicImport("@x402/svm/exact/server");
-      if (!svmModule?.ExactSvmScheme) {
-        throw new Error("@x402/svm not installed \u2014 `npm install @x402/svm` for x402 solana rails.");
-      }
-      const network = rail === "x402-solana-mainnet" ? networks.solana.mainnet.caip2 : networks.solana.devnet.caip2;
-      registerX402SchemesV1V2(server, network, new svmModule.ExactSvmScheme());
     }
   }
   for (const { network, scheme } of opts.schemes ?? []) {
@@ -301,9 +288,60 @@ async function dynamicImport(moduleName) {
 }
 
 // src/payment/x402_settle.ts
+function classifyX402SettleResult(result) {
+  if (result.success) return null;
+  switch (result.phase) {
+    case "no_requirements":
+      return {
+        status: 500,
+        code: "payment_internal_error",
+        message: "Failed to build x402 payment requirements for this configuration",
+        nextSteps: {
+          action: "contact_support",
+          user_message: "The merchant could not produce a payment challenge for this request. Try again later or contact support."
+        }
+      };
+    case "verify_failed":
+      return {
+        status: 400,
+        code: "payment_proof_invalid",
+        message: "Payment credential failed verification; regenerate from a fresh 402 challenge",
+        nextSteps: {
+          action: "regenerate_payment_credential",
+          user_message: "The payment credential was rejected at verify time. Discard it, fetch a fresh 402 challenge, and re-sign."
+        }
+      };
+    case "facilitator_error":
+      return {
+        status: 503,
+        code: "payment_provider_unavailable",
+        message: "Payment provider could not process this network configuration",
+        nextSteps: {
+          action: "try_different_rail",
+          user_message: "This rail is currently unavailable. Pick a different rail from the 402 challenge and retry."
+        }
+      };
+    case "settle_failed":
+      return {
+        status: 503,
+        code: "payment_provider_unavailable",
+        message: "Payment credential verified but on-chain settlement failed",
+        nextSteps: {
+          action: "retry_or_swap_method",
+          retry_after_seconds: 10,
+          user_message: "Transient settlement error. Retry in a few seconds, or pick a different rail from the 402 challenge."
+        }
+      };
+  }
+}
 async function processX402Settle(input) {
   const server = input.x402Server;
-  const builtRequirements = await server.buildPaymentRequirements(input.resourceConfig);
+  let builtRequirements;
+  try {
+    builtRequirements = await server.buildPaymentRequirements(input.resourceConfig);
+  } catch (err) {
+    return { success: false, phase: "facilitator_error", step: "build_requirements", error: err };
+  }
   const matchedRequirement = builtRequirements[0];
   if (!matchedRequirement) {
     return { success: false, phase: "no_requirements", reason: "x402Server.buildPaymentRequirements returned empty" };
@@ -312,13 +350,23 @@ async function processX402Settle(input) {
     const path = new URL(input.resourceMeta.url).pathname;
     return { method: "POST", adapter: { getPath: () => path }, routePattern: path };
   })();
-  const enrichedExt = input.extension !== void 0 ? server.enrichExtensions(input.extension, transportContext) : void 0;
-  const verifyResult = await server.processPaymentRequest(
-    input.payload,
-    input.resourceConfig,
-    input.resourceMeta,
-    enrichedExt
-  );
+  let enrichedExt;
+  try {
+    enrichedExt = input.extension !== void 0 ? server.enrichExtensions(input.extension, transportContext) : void 0;
+  } catch (err) {
+    return { success: false, phase: "facilitator_error", step: "enrich_extensions", error: err };
+  }
+  let verifyResult;
+  try {
+    verifyResult = await server.processPaymentRequest(
+      input.payload,
+      input.resourceConfig,
+      input.resourceMeta,
+      enrichedExt
+    );
+  } catch (err) {
+    return { success: false, phase: "facilitator_error", step: "process_payment_request", error: err };
+  }
   if (!verifyResult.success) {
     return { success: false, phase: "verify_failed", verifyResult };
   }
@@ -342,30 +390,15 @@ var X402_SUPPORTED_BASE_NETWORKS = /* @__PURE__ */ new Set([
   networks.base.mainnet.caip2,
   networks.base.sepolia.caip2
 ]);
-var X402_SUPPORTED_SVM_NETWORKS = /* @__PURE__ */ new Set([
-  networks.solana.mainnet.caip2,
-  networks.solana.devnet.caip2
-]);
 function validateX402NetworkConfig(input) {
   if (!X402_SUPPORTED_BASE_NETWORKS.has(input.baseNetwork)) {
     throw new Error(
       `X402_BASE_NETWORK=${input.baseNetwork} is not supported. Use one of: ${[...X402_SUPPORTED_BASE_NETWORKS].join(", ")}`
     );
   }
-  if (!X402_SUPPORTED_SVM_NETWORKS.has(input.svmNetwork)) {
-    throw new Error(
-      `X402_SVM_NETWORK=${input.svmNetwork} is not supported. Use one of: ${[...X402_SUPPORTED_SVM_NETWORKS].join(", ")}`
-    );
-  }
-  if (input.baseNetwork === input.svmNetwork) {
-    throw new Error(
-      `X402_BASE_NETWORK and X402_SVM_NETWORK must be different (both set to ${input.baseNetwork}).`
-    );
-  }
 }
 var EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
-var SOLANA_ADDRESS_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
-var REGENERATE_WARNING = "If you're trying to pay with Tempo USDC, use `tempo request` (sends Authorization: Payment), not a manual X-Payment header. Do NOT use `tempo wallet transfer` \u2014 that sends USDC on-chain but will not complete the MPP handshake. For x402 on Base/Solana, use `agentscore-pay pay` so the X-Payment credential is signed and submitted; bare wallet transfers do not complete the handshake.";
+var REGENERATE_WARNING = "Use `agentscore-pay pay --chain base` (or `tempo request` for Tempo USDC) so the credential is signed and submitted via the protocol handshake. Do NOT use `tempo wallet transfer` \u2014 that sends USDC on-chain but does not complete the handshake.";
 function regenerateBody(message, userMessage) {
   return {
     error: { code: "payment_proof_invalid", message },
@@ -403,18 +436,27 @@ async function verifyX402Request(input) {
   }
   const signedNetwork = payload.accepted?.network;
   const signedPayTo = payload.accepted?.payTo;
-  if (!signedNetwork || signedNetwork !== input.acceptedNetworks.base && signedNetwork !== input.acceptedNetworks.svm) {
+  if (!signedNetwork || signedNetwork !== input.acceptedNetwork) {
+    if (signedNetwork && signedNetwork.toLowerCase().startsWith("solana:")) {
+      return {
+        ok: false,
+        status: 400,
+        body: regenerateBody(
+          `x402 on ${signedNetwork} is not accepted; Solana payments must use the \`solana/charge\` rail advertised in the 402 challenge. This server accepts x402 on ${input.acceptedNetwork} only.`,
+          "Solana payments are not accepted over x402 at this merchant. Pick the `solana/charge` rail from the 402 challenge and re-sign."
+        )
+      };
+    }
     return {
       ok: false,
       status: 400,
       body: regenerateBody(
-        `Unsupported x402 network ${signedNetwork ?? "<missing>"}; this server accepts ${input.acceptedNetworks.base} (Base) and ${input.acceptedNetworks.svm} (Solana)`,
-        "The credential signed for an unsupported network. Pick one of the accepted networks from the 402 challenge and re-sign."
+        `Unsupported x402 network ${signedNetwork ?? "<missing>"}; this server accepts ${input.acceptedNetwork}.`,
+        "The credential signed for an unsupported network. Pick the accepted network from the 402 challenge and re-sign."
       )
     };
   }
-  const isSolana = networkFamily(signedNetwork) === "solana";
-  const addressShapeOk = isSolana ? typeof signedPayTo === "string" && SOLANA_ADDRESS_RE.test(signedPayTo) : typeof signedPayTo === "string" && EVM_ADDRESS_RE.test(signedPayTo);
+  const addressShapeOk = typeof signedPayTo === "string" && EVM_ADDRESS_RE.test(signedPayTo);
   if (!signedPayTo || !addressShapeOk) {
     return {
       ok: false,
@@ -435,7 +477,7 @@ async function verifyX402Request(input) {
       )
     };
   }
-  return { ok: true, payload, signedNetwork, signedPayTo, isSolana };
+  return { ok: true, payload, signedNetwork, signedPayTo };
 }
 
 // src/stripe-multichain/mppx_stripe.ts
@@ -494,6 +536,29 @@ async function createMppxServer(opts) {
       })
     );
   }
+  if (opts.rails?.solana) {
+    const solanaMpp = await dynamicImport2("@solana/mpp/server");
+    if (!solanaMpp?.charge) {
+      throw new Error(
+        "@solana/mpp not installed \u2014 `npm install @solana/mpp @solana/kit` to use the solana rail."
+      );
+    }
+    const s = opts.rails.solana;
+    const network = s.network ?? "mainnet-beta";
+    const defaultMint = network === "mainnet-beta" ? USDC.solana.mainnet.mint : USDC.solana.devnet.mint;
+    const defaultDecimals = network === "mainnet-beta" ? USDC.solana.mainnet.decimals : USDC.solana.devnet.decimals;
+    methods.push(
+      solanaMpp.charge({
+        recipient: s.recipient,
+        currency: s.currency ?? defaultMint,
+        decimals: s.decimals ?? defaultDecimals,
+        network,
+        ...s.rpcUrl ? { rpcUrl: s.rpcUrl } : {},
+        ...s.signer ? { signer: s.signer } : {},
+        ...s.tokenProgram ? { tokenProgram: s.tokenProgram } : {}
+      })
+    );
+  }
   if (opts.rails?.stripe) {
     const stripeMethod = await createMppxStripe(opts.rails.stripe);
     methods.push(stripeMethod);
@@ -601,6 +666,44 @@ function clampKey(key) {
 }
 
 // src/signer.ts
+var TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+var TOKEN_2022_PROGRAM = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+var TRANSFER_CHECKED_DISCRIMINATOR = 12;
+async function extractSolanaSignerFromCredential(credential) {
+  const payload = credential.payload;
+  if (!payload?.transaction || payload.type !== "transaction") return null;
+  const moduleName = "@solana/kit";
+  const kit = await import(moduleName).catch(() => null);
+  if (!kit?.getBase64Codec || !kit.getTransactionDecoder || !kit.getCompiledTransactionMessageDecoder) {
+    return null;
+  }
+  try {
+    const txBytes = kit.getBase64Codec().encode(payload.transaction);
+    const decoded = kit.getTransactionDecoder().decode(txBytes);
+    const message = kit.getCompiledTransactionMessageDecoder().decode(decoded.messageBytes);
+    for (const ix of message.instructions) {
+      const programId = message.staticAccounts[ix.programAddressIndex];
+      if (programId !== TOKEN_PROGRAM && programId !== TOKEN_2022_PROGRAM) continue;
+      const data = ix.data;
+      if (!data || data.length === 0 || data[0] !== TRANSFER_CHECKED_DISCRIMINATOR) continue;
+      const accountIndices = ix.accountIndices ?? [];
+      const authorityIndex = accountIndices[3];
+      if (authorityIndex === void 0) continue;
+      if (authorityIndex >= message.staticAccounts.length) {
+        console.warn(
+          "[gate] Solana TransferChecked authority resolves through an address lookup table; signer-match recovery requires the static-account form. Skipping."
+        );
+        continue;
+      }
+      const authority = message.staticAccounts[authorityIndex];
+      if (authority) return authority;
+    }
+    return null;
+  } catch (err) {
+    console.warn("[gate] Solana credential decode failed:", err instanceof Error ? err.message : err);
+    return null;
+  }
+}
 async function extractPaymentSigner(request, x402PaymentHeader) {
   const authHeader = request.headers.get("authorization");
   if (authHeader) {
@@ -610,8 +713,12 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
       if (mppx?.Credential?.extractPaymentScheme(authHeader)) {
         const credential = mppx.Credential.fromRequest(request);
         const source = credential.source;
-        const match = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
-        if (match) return { address: match[1].toLowerCase(), network: "evm" };
+        const evmMatch = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
+        if (evmMatch) return { address: evmMatch[1].toLowerCase(), network: "evm" };
+        const solMatch = source?.match(/^did:pkh:solana:[1-9A-HJ-NP-Za-km-z]{32,44}:([1-9A-HJ-NP-Za-km-z]{32,44})$/);
+        if (solMatch) return { address: solMatch[1], network: "solana" };
+        const solanaFromTx = await extractSolanaSignerFromCredential(credential);
+        if (solanaFromTx) return { address: solanaFromTx, network: "solana" };
       }
     } catch (err) {
       console.warn("[gate] MPP signer extraction failed:", err instanceof Error ? err.message : err);
@@ -621,28 +728,9 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
     try {
       const decoded = atob(x402PaymentHeader);
       const parsed = JSON.parse(decoded);
-      const network = parsed?.accepted?.network ?? "";
-      if (network.startsWith("eip155:")) {
-        const from = parsed?.payload?.authorization?.from;
-        if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
-          return { address: from.toLowerCase(), network: "evm" };
-        }
-      } else if (network.startsWith("solana:")) {
-        const transaction = parsed?.payload?.transaction;
-        if (typeof transaction === "string") {
-          const moduleName = "@x402/svm";
-          const svm = await import(moduleName).catch(() => null);
-          if (svm?.decodeTransactionFromPayload && svm.getTokenPayerFromTransaction) {
-            const tx = svm.decodeTransactionFromPayload({ transaction });
-            const payer = svm.getTokenPayerFromTransaction(tx);
-            if (typeof payer === "string" && payer.length > 0) return { address: payer, network: "solana" };
-          }
-        }
-      } else {
-        const from = parsed?.payload?.authorization?.from;
-        if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
-          return { address: from.toLowerCase(), network: "evm" };
-        }
+      const from = parsed?.payload?.authorization?.from;
+      if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
+        return { address: from.toLowerCase(), network: "evm" };
       }
     } catch (err) {
       console.warn("[gate] x402 signer extraction failed:", err instanceof Error ? err.message : err);
@@ -664,12 +752,12 @@ function settlementOverrideHeader(overrides) {
   SETTLEMENT_OVERRIDES_HEADER,
   USDC,
   X402_SUPPORTED_BASE_NETWORKS,
-  X402_SUPPORTED_SVM_NETWORKS,
   aliasAmountFields,
   buildIdempotencyKey,
   buildPaymentDirective,
   buildPaymentHeaders,
   buildPaymentRequestBlob,
+  classifyX402SettleResult,
   createMppxServer,
   createX402Server,
   dispatchSettlementByNetwork,