@three-ws/x402-payment-modal 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -3,15 +3,77 @@
3
3
  All notable changes to `@three-ws/x402-payment-modal` are documented here. This
4
4
  project adheres to [Semantic Versioning](https://semver.org).
5
5
 
6
+ ## 1.2.0
7
+
8
+ Hardening pass for scale and a UX/accessibility overhaul.
9
+
10
+ ### Fixed
11
+
12
+ - **Token-2022 mints now settle.** `prepareSolanaCheckout`
13
+ hardcoded the legacy SPL Token program, so building a Token-2022 payment threw
14
+ `TokenInvalidAccountOwnerError`. The server now detects each mint's owning
15
+ program (legacy vs Token-2022) and derives ATAs, the idempotent-create, and
16
+ `transferChecked` against the right one.
17
+
18
+ ### Added — wallets
19
+
20
+ - **Multi-wallet detection.** Solana now detects Phantom, Solflare, Backpack,
21
+ Glow, and Coinbase Wallet (was Phantom-only); EVM uses **EIP-6963** multi-
22
+ provider discovery (falling back to `window.ethereum[.providers]`) so a user
23
+ with several wallets isn't stuck with whichever won the injection race. The
24
+ connect screen lists every detected wallet; auto-connect only fires when
25
+ exactly one is present.
26
+
27
+ ### Added — developer experience
28
+
29
+ - **First-class React export** — `import { X402Button, useX402 } from
30
+ '@three-ws/x402-payment-modal/react'`. `useX402()` exposes a
31
+ `{ pay, status, result, error, reset, isPaying }` state machine; both are
32
+ SSR-safe (the browser-only core is dynamically imported on first use). `react`
33
+ is an optional peer dependency.
34
+
35
+ ### Added — reliability & scale
36
+
37
+ - **RPC failover** — `prepareSolanaCheckout` / `handleCheckout` accept `rpcUrls`
38
+ (and `devnetRpcUrls`); each is tried in order on a transient RPC error.
39
+ Connections are reused per URL, and unset RPC now warns (the public RPC is a
40
+ load footgun).
41
+ - **Faster, cheaper prepare** — the independent RPC reads (decimals, recipient
42
+ ATA existence, blockhash) run in parallel; USDC/THREE/wSOL decimals + program
43
+ are short-circuited; recipient-ATA existence and mint metadata are cached
44
+ (LRU-bounded). Cluster-scoped caches survive RPC failover.
45
+ - **Resilient crypto-helper loading** — the on-demand `@solana/web3.js` /
46
+ `@noble/hashes` import now falls back across multiple independent CDNs with a
47
+ per-attempt timeout, and is pre-warmed when the modal opens. A single CDN
48
+ outage no longer breaks Solana payments. Set `configure({ esm })` to self-host.
49
+ - **Idempotency key** — one key per payment, reused across every retry and "Try
50
+ again", sent as `Idempotency-Key` so a re-sent payment settles at most once.
51
+ - Unexpected checkout failures are now logged (root cause) instead of collapsing
52
+ silently into a generic 502; pass `options.logger` to route them.
53
+
54
+ ### Added — UX, UI & accessibility
55
+
56
+ - **Design-token theming** — the full palette is exposed as `--x402-*` CSS custom
57
+ properties. `configure({ theme: 'light'|'dark'|'auto', cssVars, brand: { logo } })`
58
+ forces a color scheme, brand-matches tokens at runtime, and shows a header logo.
59
+ - **Accessibility** — focus trap + focus restore, `aria-live` step announcements,
60
+ `:focus-visible` rings, `prefers-reduced-motion` support, and WCAG-AA contrast.
61
+ - **Polish** — crisp inline SVG icons (close, lock, wallet, success check),
62
+ an animated success receipt, step cross-fade, shimmer skeletons during
63
+ discovery, a mobile bottom-sheet layout with safe-area insets, humanized error
64
+ copy (no internal step ids), an install-a-wallet hint when none is detected,
65
+ a "you authorize exactly X — nothing more" trust line, and prose rendering for
66
+ string results.
67
+
6
68
  ## 1.1.0
7
69
 
8
70
  ### Added
9
71
 
10
- - **Pay in USDC _or_ THREE on Solana.** When a 402 challenge offers more than one
72
+ - **Multi-token Solana picker.** When a 402 challenge offers more than one
11
73
  Solana token, the modal renders a token picker so the buyer chooses which to
12
74
  pay in; the headline price and the built transaction follow the choice. USDC
13
- and [$THREE](https://three.ws/three-token) (`FeMb…pump`) are recognized by mint
14
- — correct symbol, decimals, and branding even when the `accept` omits
75
+ is the always-on default; an optional opt-in `THREE` token is recognized by
76
+ mint — correct symbol and decimals even when the `accept` omits
15
77
  `extra.name`/`extra.decimals`.
16
78
  - **`solanaAccept()` server helper** — build a spec-shaped Solana `accept` from
17
79
  `token: 'usdc' | 'three'` (or an explicit `mint`) with the price as `uiAmount`
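Review bot: the "Resilient crypto-helper loading" entry in the 1.2.0 reliability section adds several CDN origins that can serve `@solana/web3.js` / `@noble/hashes` into the page that builds payments, but it does not say whether the imports are pinned to exact versions or how a fallback response is verified. Every extra origin is one more party trusted to deliver that code, so the entry should state the pinning and integrity story and present `configure({ esm })` self-hosting as the recommended production setting rather than a closing aside. The "Idempotency key" entry also promises that a re-sent payment "settles at most once"; that holds only if the server deduplicates on `Idempotency-Key`, so the entry should name which server helper enforces it.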
@@ -22,15 +84,15 @@ project adheres to [Semantic Versioning](https://semver.org).
22
84
 
23
85
  ### Notes
24
86
 
25
- - THREE is a utility token, not a stablecoin: the browser can't dollar-denominate
26
- it, so client-side spending caps apply to USDC only — enforce THREE caps
27
- server-side. Settlement is unchanged — the checkout endpoint already transfers
28
- any SPL mint named by the chosen `accept`.
87
+ - For any non-stable token (such as the optional `THREE`), the browser can't
88
+ dollar-denominate the price, so client-side spending caps apply to stablecoins
89
+ only — enforce caps for non-stable tokens server-side. Settlement is unchanged
90
+ — the checkout endpoint already transfers any SPL mint named by the chosen
91
+ `accept`.
29
92
 
30
93
  ## 1.0.0
31
94
 
32
- Initial public release. Extracted from the three.ws platform as a standalone,
33
- dependency-free package.
95
+ Initial public release as a standalone, dependency-free package.
34
96
 
35
97
  ### Added
36
98
 
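Review bot: in the rewritten 1.1.0 Notes, "client-side spending caps apply to stablecoins only" is less precise than the "USDC only" wording it replaces, and integrators rely on this line to know where the client stops enforcing a cap. Name the mints the client treats as stable, or keep "USDC only" if that is still the actual behaviour. The hunk also rewrites text under the already released 1.1.0 and 1.0.0 headings; wording changes to shipped entries are easier to audit when recorded under 1.2.0 instead.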
@@ -0,0 +1,79 @@
1
+ # Contributing to @three-ws/x402-payment-modal
2
+
3
+ Thanks for helping improve the drop-in x402 checkout. This guide covers the local
4
+ setup, the layout, and the bar for a change to land.
5
+
6
+ ## Prerequisites
7
+
8
+ - Node.js **>= 18** (the package targets `engines.node >= 18`).
9
+ - npm (the repo uses npm; a lockfile-free `npm install` is fine).
10
+
11
+ ## Setup
12
+
13
+ ```bash
14
+ git clone https://github.com/nirholas/x402-payment-modal.git
15
+ cd x402-payment-modal
16
+ npm install
17
+ npm run build # bundles dist/x402.js + dist/x402.min.js from src/index.js
18
+ npm test # node --test — should report 14 pass / 2 skip
19
+ ```
20
+
21
+ The two skipped tests (`prepareSolanaCheckout builds a tx …`) hit a **live Solana
22
+ RPC** and are skipped by default. To run them, point a real RPC at the test
23
+ environment per the comments in `test/token2022.integration.test.js`.
24
+
25
+ ## Repository layout
26
+
27
+ | Path | What it is |
28
+ | --- | --- |
29
+ | `src/index.js` | The browser client — the `.` and `./min` exports. Zero runtime deps. |
30
+ | `server/checkout.js` | Framework-agnostic Solana checkout (`./server`). |
31
+ | `server/express.js`, `server/vercel.js` | Adapters (`./server/express`, `./server/vercel`). |
32
+ | `react/index.js` | React wrapper (`./react`): `X402Button`, `useX402`. |
33
+ | `types/*.d.ts` | TypeScript definitions for each subpath. |
34
+ | `build.mjs` | esbuild bundling `src` → `dist`. |
35
+ | `test/*.test.js` | `node --test` suites for the server helpers. |
36
+ | `docs/` | Reference docs (API, server, react, theming, caps, SIWX, architecture). |
37
+ | `examples/` | Runnable samples (plain HTML, React, Express, Solana paywall). |
38
+
39
+ ## Making a change
40
+
41
+ 1. **Match the existing patterns.** Read the neighboring code/docs first; keep the
42
+ naming, file organization, and comment style consistent.
43
+ 2. **No mocks, no placeholders, no TODOs.** Use real APIs. Every code sample in a
44
+ doc must actually run; every link must resolve.
45
+ 3. **Keep the client dependency-free.** The `.` export must not gain a runtime
46
+ dependency. Crypto helpers are lazy-loaded from a CDN on demand only.
47
+ 4. **Keep peer deps optional.** `@solana/web3.js`, `@solana/spl-token`, `express`,
48
+ and `react` stay in `peerDependenciesMeta` as `optional: true`.
49
+ 5. **Update the types.** A public API change must update the relevant `types/*.d.ts`.
50
+ 6. **Document it.** A new option, export, or subpath updates the matching doc in
51
+ `docs/` (and `README.md` / `CHANGELOG.md` for anything user-visible).
52
+
53
+ ## Before opening a PR
54
+
55
+ ```bash
56
+ npm run build && npm test
57
+ ```
58
+
59
+ - `npm test` must stay **14 pass / 2 skip** (the 2 skips need a live RPC).
60
+ - If you touched `src/`, rebuild — `dist/` is generated and shipped.
61
+ - Review your own diff: every changed line should be justified.
62
+
63
+ ## Commit & PR style
64
+
65
+ - Small, focused commits with a clear subject (`fix:`, `feat:`, `docs:` …).
66
+ - Describe the *why*, not just the *what*. Link the issue if there is one.
67
+ - For a behavior change, add or update a test.
68
+
69
+ ## Reporting bugs
70
+
71
+ Open an issue at <https://github.com/nirholas/x402-payment-modal/issues> with:
72
+
73
+ - The subpath involved (`.`, `./server`, `./react`, …).
74
+ - A minimal reproduction (a paste of the 402 challenge JSON helps a lot).
75
+ - Browser + wallet (for client issues) or Node version + RPC (for server issues).
76
+
77
+ ## License
78
+
79
+ Proprietary — Copyright (c) 2026 nirholas. All Rights Reserved. Unauthorized use, copying, modification, or distribution is prohibited. See [LICENSE](./LICENSE). By contributing you assign all right, title, and interest in your contributions to the Owner, and agree they are governed by the project's proprietary license.
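Review bot: the Prerequisites line "a lockfile-free `npm install` is fine" conflicts with the later statement that `dist/` is "generated and shipped", because the published bundle then depends on whatever versions of esbuild and its dependencies resolve on the builder's machine that day. Commit a lockfile and tell contributors to use `npm ci` so the shipped artifact is reproducible. The hard-coded "14 pass / 2 skip" requirement also contradicts "For a behavior change, add or update a test"; phrase it as no failures and no new skips.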
package/LICENSE CHANGED
@@ -1,180 +1,38 @@
1
- Apache License
2
- Version 2.0, January 2004
3
- http://www.apache.org/licenses/
4
-
5
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
-
7
- 1. Definitions.
8
-
9
- "License" shall mean the terms and conditions for use, reproduction,
10
- and distribution as defined by Sections 1 through 9 of this document.
11
-
12
- "Licensor" shall mean the copyright owner or entity authorized by
13
- the copyright owner that is granting the License.
14
-
15
- "Legal Entity" shall mean the union of the acting entity and all
16
- other entities that control, are controlled by, or are under common
17
- control with that entity. For the purposes of this definition,
18
- "control" means (i) the power, direct or indirect, to cause the
19
- direction or management of such entity, whether by contract or
20
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
- outstanding shares, or (iii) beneficial ownership of such entity.
22
-
23
- "You" (or "Your") shall mean an individual or Legal Entity
24
- exercising permissions granted by this License.
25
-
26
- "Source" form shall mean the preferred form for making modifications,
27
- including but not limited to software source code, documentation
28
- source, and configuration files.
29
-
30
- "Object" form shall mean any form resulting from mechanical
31
- transformation or translation of a Source form, including but
32
- not limited to compiled object code, generated documentation,
33
- and conversions to other media types.
34
-
35
- "Work" shall mean the work of authorship made available under
36
- the License, as indicated by a copyright notice that is included in
37
- or attached to the work (an example is provided in the Appendix below).
38
-
39
- "Derivative Works" shall mean any work, whether in Source or Object
40
- form, that is based on (or derived from) the Work and for which the
41
- editorial revisions, annotations, elaborations, or other transformations
42
- represent, as a whole, an original work of authorship. For the purposes
43
- of this License, Derivative Works shall not include works that remain
44
- separable from, or merely link (or bind by name) to the interfaces of,
45
- the Work and Derivative Works thereof.
46
-
47
- "Contribution" shall mean, as submitted to the Licensor for inclusion
48
- in the Work by the copyright owner or by an individual or Legal Entity
49
- authorized to submit on behalf of the copyright owner. For the purposes
50
- of this definition, "submitted" means any form of electronic, verbal,
51
- or written communication sent to the Licensor or its representatives,
52
- including but not limited to communication on electronic mailing lists,
53
- source code control systems, and issue tracking systems that are managed
54
- by, or on behalf of, the Licensor for the purpose of discussing and
55
- improving the Work, but excluding communication that is conspicuously
56
- marked or designated in writing by the copyright owner as "Not a
57
- Contribution."
58
-
59
- "Contributor" shall mean Licensor and any Legal Entity on behalf of
60
- whom a Contribution has been received by the Licensor and included
61
- within the Work.
62
-
63
- 2. Grant of Copyright License. Subject to the terms and conditions of
64
- this License, each Contributor hereby grants to You a perpetual,
65
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
66
- copyright license to reproduce, prepare Derivative Works of,
67
- publicly display, publicly perform, sublicense, and distribute the
68
- Work and such Derivative Works in Source or Object form.
69
-
70
- 3. Grant of Patent License. Subject to the terms and conditions of
71
- this License, each Contributor hereby grants to You a perpetual,
72
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
73
- (except as stated in this section) patent license to make, have made,
74
- use, offer to sell, sell, import, and otherwise transfer the Work,
75
- where such license applies only to those patent claims licensable
76
- by such Contributor that are necessarily infringed by their
77
- Contribution(s) alone or by the combination of their Contribution(s)
78
- with the Work to which such Contribution(s) was submitted. If You
79
- institute patent litigation against any entity (including a cross-claim
80
- or counterclaim in a lawsuit) alleging that the Work or any
81
- Contribution embodied within the Work constitutes direct or contributory
82
- patent infringement, then any patent licenses granted to You under
83
- this License for that Work shall terminate as of the date such
84
- litigation is filed.
85
-
86
- 4. Redistribution. You may reproduce and distribute copies of the
87
- Work or Derivative Works thereof in any medium, with or without
88
- modifications, and in Source or Object form, provided that You
89
- meet the following conditions:
90
-
91
- (a) You must give any other recipients of the Work or Derivative
92
- Works a copy of this License; and
93
-
94
- (b) You must cause any modified files to carry prominent notices
95
- stating that You changed the files; and
96
-
97
- (c) You must retain, in the Source form of any Derivative Works
98
- that You distribute, all copyright, patent, trademark, and
99
- attribution notices from the Source form of the Work,
100
- excluding those notices that do not pertain to any part of
101
- the Derivative Works; and
102
-
103
- (d) If the Work includes a "NOTICE" text file as part of its
104
- distribution, You must include a readable copy of the
105
- attribution notices contained within such NOTICE file, in
106
- at least one of the following places: within a NOTICE text
107
- file distributed as part of the Derivative Works; within
108
- the Source form or documentation, if provided along with the
109
- Derivative Works; or, within a display generated by the
110
- Derivative Works, if and wherever such third-party notices
111
- normally appear. The contents of the NOTICE file are for
112
- informational purposes only and do not modify the License.
113
- You may add Your own attribution notices within Derivative
114
- Works that You distribute, alongside or in addition to the
115
- NOTICE text from the Work, provided that such additional
116
- attribution notices cannot be construed as modifying the License.
117
-
118
- You may add Your own license statement for Your modifications and
119
- may provide additional grant of rights to use, copy, modify, merge,
120
- publish, distribute, sublicense, and/or sell copies of the
121
- Derivative Works, and to permit persons to whom the Derivative Works
122
- are furnished to do so.
123
-
124
- 5. Submission of Contributions. Unless You explicitly state otherwise,
125
- any Contribution intentionally submitted for inclusion in the Work
126
- by You to the Licensor shall be under the terms and conditions of
127
- this License, without any additional terms or conditions.
128
- Notwithstanding the above, nothing herein shall supersede or modify
129
- the terms of any separate license agreement you may have executed
130
- with Licensor regarding such Contributions.
131
-
132
- 6. Trademarks. This License does not grant permission to use the trade
133
- names, trademarks, service marks, or product names of the Licensor,
134
- except as required for reasonable and customary use in describing the
135
- origin of the Work and reproducing the content of the NOTICE file.
136
-
137
- 7. Disclaimer of Warranty. Unless required by applicable law or
138
- agreed to in writing, Licensor provides the Work (and each
139
- Contributor provides its Contributions) on an "AS IS" BASIS,
140
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
141
- implied, including, without limitation, any warranties or conditions
142
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
143
- PARTICULAR PURPOSE. You are solely responsible for determining the
144
- appropriateness of using or reproducing the Work and assume any
145
- risks associated with Your exercise of permissions under this License.
146
-
147
- 8. Limitation of Liability. In no event and under no legal theory,
148
- whether in tort (including negligence), contract, or otherwise,
149
- unless required by applicable law (such as deliberate and grossly
150
- negligent acts) or agreed to in writing, shall any Contributor be
151
- liable to You for damages, including any direct, indirect, special,
152
- incidental, or exemplary damages of any character arising as a
153
- result of this License or out of the use or inability to use the
154
- Work (including but not limited to damages for loss of goodwill,
155
- work stoppage, computer failure or malfunction, or all other
156
- commercial damages or losses), even if such Contributor has been
157
- advised of the possibility of such damages.
158
-
159
- 9. Accepting Warranty or Additional Liability. While redistributing
160
- the Work or Derivative Works thereof, You may choose to offer,
161
- and charge a fee for, acceptance of support, warranty, indemnity,
162
- or other liability obligations and/or rights consistent with this
163
- License. However, in accepting such obligations, You may offer only
164
- conditions consistent with this License.
165
-
166
- END OF TERMS AND CONDITIONS
167
-
168
- Copyright 2026 nirholas
169
-
170
- Licensed under the Apache License, Version 2.0 (the "License");
171
- you may not use this file except in compliance with the License.
172
- You may obtain a copy of the License at
173
-
174
- http://www.apache.org/licenses/LICENSE-2.0
175
-
176
- Unless required by applicable law or agreed to in writing, software
177
- distributed under the License is distributed on an "AS IS" BASIS,
178
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
179
- See the License for the specific language governing permissions and
180
- limitations under the License.
1
+ PROPRIETARY SOFTWARE LICENSE
2
+
3
+ Copyright (c) 2026 nirholas. All Rights Reserved.
4
+
5
+ This software, including all source code, documentation, configuration, build
6
+ output, and associated files in this repository (collectively, the "Software"),
7
+ is the proprietary and confidential property of nirholas (the "Owner"). The
8
+ Software is protected by copyright laws and international treaty provisions. All
9
+ right, title, and interest in and to the Software, including all copyrights,
10
+ trademarks, trade secrets, patents, and other intellectual property rights, are
11
+ and shall remain the sole and exclusive property of the Owner.
12
+
13
+ NO LICENSE OR RIGHT IS GRANTED. No person or entity is granted any license or
14
+ right to access, use, copy, reproduce, modify, adapt, translate, merge, publish,
15
+ distribute, sublicense, sell, lease, rent, lend, transmit, host, display,
16
+ perform, create derivative works from, decompile, disassemble, reverse engineer,
17
+ or otherwise exploit the Software, in whole or in part, in any form or by any
18
+ means, without the express prior written permission of the Owner in each
19
+ instance.
20
+
21
+ Unauthorized access, use, reproduction, modification, or distribution of the
22
+ Software, or of any portion of it, is strictly prohibited, constitutes
23
+ infringement of the Owner's intellectual property rights, and may result in
24
+ severe civil and criminal penalties. Violations will be prosecuted to the
25
+ maximum extent permitted by law.
26
+
27
+ Third-party components, dependencies, and protocols referenced or required by the
28
+ Software remain governed by their own respective licenses; this License applies
29
+ solely to the original works authored by the Owner contained in this repository.
30
+
31
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
33
+ FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE OWNER
34
+ BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF
35
+ CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN CONNECTION WITH THE
36
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
37
+
38
+ For licensing inquiries, contact the Owner at https://github.com/nirholas.
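Review bot: replacing Apache-2.0 with a text that says "NO LICENSE OR RIGHT IS GRANTED" ships in a minor bump (1.1.0 → 1.2.0), and the 1.2.0 changelog section in this same diff does not mention it. Consumers on a semver range will pick up a release they have no stated right to use or copy, so the change should be called out at the top of the 1.2.0 entry and released as a major version. The clause prohibiting anyone to "access, use, copy" the Software also sits awkwardly beside a contributing guide that instructs readers to `git clone` and `npm install` the repository; the licence should state what installing and running the published package permits.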