@alleyboss/micropay-solana-x402-paywall 3.3.0 → 3.3.1

package/README.md

@@ -186,6 +186,7 @@ function PaywallBanner({ priceInLamports }) {
 
 We're actively working on these exciting features:
 
+### Core Features
 | Feature | Status | Description |
 |---------|--------|-------------|
 | ⚡ **Jupiter Swap-on-Pay** | 🔜 Coming Soon | Pay with any token, auto-swap to SOL/USDC |
@@ -194,6 +195,20 @@ We're actively working on these exciting features:
 | 🌳 **Compressed NFTs** | 🔜 Planned | Scalable access tokens via cNFTs |
 | 🔄 **Payment Streaming** | 🔜 Planned | Pay-as-you-consume for APIs |
 
+### For Solana Power Users
+| Feature | Status | Description |
+|---------|--------|-------------|
+| 🚀 **Jito Bundle Support** | 🔜 Planned | Guaranteed transaction inclusion via MEV |
+| 📡 **WebSocket Confirmations** | 🔜 Planned | Real-time confirmation, no polling |
+| 📋 **Lookup Tables** | 🔜 Planned | Batch payments efficiency for agents |
+
+### For x402 Protocol Ecosystem
+| Feature | Status | Description |
+|---------|--------|-------------|
+| 💳 **Coinbase Commerce** | 🔜 Planned | Accept payments via Coinbase Pay |
+| 🤖 **CDP Agent Wallets** | 🔜 Planned | Coinbase Developer Platform integration |
+| 🔷 **Base Network Support** | 🔜 Planned | EVM x402 payments on Base L2 |
+
 Want to contribute or sponsor a feature? Open an issue on [GitHub](https://github.com/AlleyBo55/micropay-solana-x402-paywall)!
 
 ## 📚 Documentation

package/dist/client/index.cjs

@@ -182,13 +182,17 @@ function usePaywallResource({
         if (wwwAuth) {
           setPaymentHeader(wwwAuth);
           try {
-            const match = wwwAuth.match(/amount="([^"]+)",\s*payTo="([^"]+)"/);
-            if (match) {
-              setPrice(BigInt(match[1]));
-              setRecipient(match[2]);
+            const { decodePaymentRequiredHeader: decodePaymentRequiredHeader2 } = await import('@x402/core/http');
+            const cleanHeader = wwwAuth.replace(/^[Xx]402\s+/, "");
+            const decoded = decodePaymentRequiredHeader2(cleanHeader);
+            const accepts = Array.isArray(decoded.accepts) ? decoded.accepts[0] : decoded.accepts;
+            if (accepts) {
+              const amountStr = accepts.amount || accepts.maxAmountRequired || "0";
+              setPrice(BigInt(amountStr));
+              setRecipient(accepts.payTo);
             }
           } catch (e) {
-            console.warn("Failed to parse 402 details from header", e);
+            console.warn("[usePaywallResource] Failed to parse x402 header:", e);
           }
         }
         setIsLocked(true);

package/dist/client/index.js

@@ -180,13 +180,17 @@ function usePaywallResource({
         if (wwwAuth) {
           setPaymentHeader(wwwAuth);
           try {
-            const match = wwwAuth.match(/amount="([^"]+)",\s*payTo="([^"]+)"/);
-            if (match) {
-              setPrice(BigInt(match[1]));
-              setRecipient(match[2]);
+            const { decodePaymentRequiredHeader: decodePaymentRequiredHeader2 } = await import('@x402/core/http');
+            const cleanHeader = wwwAuth.replace(/^[Xx]402\s+/, "");
+            const decoded = decodePaymentRequiredHeader2(cleanHeader);
+            const accepts = Array.isArray(decoded.accepts) ? decoded.accepts[0] : decoded.accepts;
+            if (accepts) {
+              const amountStr = accepts.amount || accepts.maxAmountRequired || "0";
+              setPrice(BigInt(amountStr));
+              setRecipient(accepts.payTo);
             }
           } catch (e) {
-            console.warn("Failed to parse 402 details from header", e);
+            console.warn("[usePaywallResource] Failed to parse x402 header:", e);
           }
         }
         setIsLocked(true);

package/dist/index.cjs

@@ -194,13 +194,17 @@ function usePaywallResource({
         if (wwwAuth) {
           setPaymentHeader(wwwAuth);
           try {
-            const match = wwwAuth.match(/amount="([^"]+)",\s*payTo="([^"]+)"/);
-            if (match) {
-              setPrice(BigInt(match[1]));
-              setRecipient(match[2]);
+            const { decodePaymentRequiredHeader: decodePaymentRequiredHeader2 } = await import('@x402/core/http');
+            const cleanHeader = wwwAuth.replace(/^[Xx]402\s+/, "");
+            const decoded = decodePaymentRequiredHeader2(cleanHeader);
+            const accepts = Array.isArray(decoded.accepts) ? decoded.accepts[0] : decoded.accepts;
+            if (accepts) {
+              const amountStr = accepts.amount || accepts.maxAmountRequired || "0";
+              setPrice(BigInt(amountStr));
+              setRecipient(accepts.payTo);
             }
           } catch (e) {
-            console.warn("Failed to parse 402 details from header", e);
+            console.warn("[usePaywallResource] Failed to parse x402 header:", e);
           }
         }
         setIsLocked(true);

package/dist/index.js

@@ -188,13 +188,17 @@ function usePaywallResource({
         if (wwwAuth) {
           setPaymentHeader(wwwAuth);
           try {
-            const match = wwwAuth.match(/amount="([^"]+)",\s*payTo="([^"]+)"/);
-            if (match) {
-              setPrice(BigInt(match[1]));
-              setRecipient(match[2]);
+            const { decodePaymentRequiredHeader: decodePaymentRequiredHeader2 } = await import('@x402/core/http');
+            const cleanHeader = wwwAuth.replace(/^[Xx]402\s+/, "");
+            const decoded = decodePaymentRequiredHeader2(cleanHeader);
+            const accepts = Array.isArray(decoded.accepts) ? decoded.accepts[0] : decoded.accepts;
+            if (accepts) {
+              const amountStr = accepts.amount || accepts.maxAmountRequired || "0";
+              setPrice(BigInt(amountStr));
+              setRecipient(accepts.payTo);
             }
           } catch (e) {
-            console.warn("Failed to parse 402 details from header", e);
+            console.warn("[usePaywallResource] Failed to parse x402 header:", e);
           }
         }
         setIsLocked(true);

package/dist/next/index.cjs

@@ -20,20 +20,48 @@ var LocalSvmFacilitator = class {
    * Get supported payment kinds
    * Mocking the response of the /supported endpoint
    */
-  // Network Constants - CAIP-2 format for x402 v2
+  /**
+   * Network Constants - CAIP-2 format for x402 v2
+   * These match the official Solana chain IDs used by x402 protocol
+   */
   NETWORKS = {
     DEVNET: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",
     MAINNET: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp"
   };
-  // Dummy fee payer address (System Program) - not used in local verification
-  // but required by x402 protocol for supported kinds
+  /**
+   * DUMMY_FEE_PAYER Explanation (for auditors):
+   * 
+   * In a HOSTED facilitator (like x402.org), the `feePayer` field in the 
+   * SupportedResponse.extra specifies which address will pay transaction fees
+   * when the facilitator submits transactions on behalf of users.
+   * 
+   * In LOCAL/SELF-SOVEREIGN mode (this implementation):
+   * - The USER pays their own transaction fees directly
+   * - The facilitator NEVER submits transactions - it only VERIFIES them
+   * - Therefore, no fee payer address is actually used
+   * 
+   * However, the x402 protocol REQUIRES this field in the response schema.
+   * We use the System Program address (all 1s) as a placeholder because:
+   * 1. It's clearly not a real wallet (obvious placeholder)
+   * 2. It cannot receive funds or sign transactions
+   * 3. It signals to developers that fee paying is handled differently
+   * 
+   * SECURITY NOTE: This is NOT a security risk because:
+   * - The fee payer is never used in verify() or settle() methods
+   * - Users sign and pay for their own transactions
+   * - The address is just a protocol-required placeholder
+   * 
+   * @see https://docs.x402.org for protocol specification
+   */
   DUMMY_FEE_PAYER = "11111111111111111111111111111111";
   /**
    * Get supported payment kinds
    * Returns x402 v2 compatible response with CAIP-2 network identifiers
+   * 
+   * NOTE: The feePayer in extra.feePayer is a placeholder only.
+   * In self-sovereign mode, users pay their own transaction fees.
    */
   async getSupported(_extensionKeys = []) {
-    console.log("[LocalSvmFacilitator] getSupported called");
     const supported = {
       kinds: [
         {
@@ -51,10 +79,10 @@ var LocalSvmFacilitator = class {
       ],
       extensions: [],
       signers: {
+        // Placeholder - in self-sovereign mode, users are their own signers
         "solana:*": [this.DUMMY_FEE_PAYER]
       }
     };
-    console.log("[LocalSvmFacilitator] Returning supported:", JSON.stringify(supported));
     return supported;
   }
   /**

package/dist/next/index.js

@@ -19,20 +19,48 @@ var LocalSvmFacilitator = class {
    * Get supported payment kinds
    * Mocking the response of the /supported endpoint
    */
-  // Network Constants - CAIP-2 format for x402 v2
+  /**
+   * Network Constants - CAIP-2 format for x402 v2
+   * These match the official Solana chain IDs used by x402 protocol
+   */
   NETWORKS = {
     DEVNET: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",
     MAINNET: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp"
   };
-  // Dummy fee payer address (System Program) - not used in local verification
-  // but required by x402 protocol for supported kinds
+  /**
+   * DUMMY_FEE_PAYER Explanation (for auditors):
+   * 
+   * In a HOSTED facilitator (like x402.org), the `feePayer` field in the 
+   * SupportedResponse.extra specifies which address will pay transaction fees
+   * when the facilitator submits transactions on behalf of users.
+   * 
+   * In LOCAL/SELF-SOVEREIGN mode (this implementation):
+   * - The USER pays their own transaction fees directly
+   * - The facilitator NEVER submits transactions - it only VERIFIES them
+   * - Therefore, no fee payer address is actually used
+   * 
+   * However, the x402 protocol REQUIRES this field in the response schema.
+   * We use the System Program address (all 1s) as a placeholder because:
+   * 1. It's clearly not a real wallet (obvious placeholder)
+   * 2. It cannot receive funds or sign transactions
+   * 3. It signals to developers that fee paying is handled differently
+   * 
+   * SECURITY NOTE: This is NOT a security risk because:
+   * - The fee payer is never used in verify() or settle() methods
+   * - Users sign and pay for their own transactions
+   * - The address is just a protocol-required placeholder
+   * 
+   * @see https://docs.x402.org for protocol specification
+   */
   DUMMY_FEE_PAYER = "11111111111111111111111111111111";
   /**
    * Get supported payment kinds
    * Returns x402 v2 compatible response with CAIP-2 network identifiers
+   * 
+   * NOTE: The feePayer in extra.feePayer is a placeholder only.
+   * In self-sovereign mode, users pay their own transaction fees.
    */
   async getSupported(_extensionKeys = []) {
-    console.log("[LocalSvmFacilitator] getSupported called");
     const supported = {
       kinds: [
         {
@@ -50,10 +78,10 @@ var LocalSvmFacilitator = class {
       ],
       extensions: [],
       signers: {
+        // Placeholder - in self-sovereign mode, users are their own signers
         "solana:*": [this.DUMMY_FEE_PAYER]
       }
     };
-    console.log("[LocalSvmFacilitator] Returning supported:", JSON.stringify(supported));
     return supported;
   }
   /**

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@alleyboss/micropay-solana-x402-paywall",
-    "version": "3.3.0",
+    "version": "3.3.1",
     "description": "Production-ready Solana micropayments library wrapper for official x402 SDK",
     "author": "AlleyBoss",
     "license": "MIT",
@@ -135,4 +135,4 @@
     "engines": {
         "node": ">=18"
     }
-}
+}