clawmoney 0.17.2 → 0.17.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/wallet/x402-client.js +12 -6
  2. package/package.json +1 -1
package/dist/wallet/x402-client.js CHANGED
@@ -1,4 +1,4 @@
1
- import { bytesToHex, keccak256, stringToBytes } from 'viem';
1
+ import { bytesToHex } from 'viem';
2
2
  const CHAIN_IDS = {
3
3
  base: 8453,
4
4
  'base-sepolia': 84532,
@@ -44,9 +44,12 @@ async function signPaymentAuthorization(wallet, req, fromAddress) {
44
44
  throw new Error(`Unsupported x402 network: ${req.network}`);
45
45
  }
46
46
  const now = Math.floor(Date.now() / 1000);
47
- const validAfter = 0;
48
- const validBefore = now + req.maxTimeoutSeconds;
47
+ const validAfter = "0";
48
+ const validBefore = String(now + req.maxTimeoutSeconds);
49
49
  const nonce = randomNonce32();
50
+ // x402 spec (and facilitator Zod schemas) require uint256 fields as
51
+ // JSON strings, not numbers. CDP's sign_typed_data accepts either for
52
+ // the signing input, but the X-Payment payload must be stringified.
50
53
  const authorization = {
51
54
  from: fromAddress,
52
55
  to: req.payTo,
@@ -68,9 +71,12 @@ async function signPaymentAuthorization(wallet, req, fromAddress) {
68
71
  primary_type: 'TransferWithAuthorization',
69
72
  message: authorization,
70
73
  };
71
- // Idempotency key: deterministic hash of the authorization so a retry
72
- // producing the same nonce won't double-sign.
73
- const idempotencyKey = keccak256(stringToBytes(JSON.stringify(authorization)));
74
+ // Idempotency key: random UUID (36 chars, CDP SDK's documented limit).
75
+ // We can't use keccak(authorization) because its 66-char hex output
76
+ // exceeds CDP's x_idempotency_key length cap. Since `nonce` inside
77
+ // the authorization is already unique per request, a random UUID
78
+ // here is sufficient to dedupe client-side retries.
79
+ const idempotencyKey = crypto.randomUUID();
74
80
  const signed = await wallet.signTypedData(typed, idempotencyKey);
75
81
  return { signature: signed.signature, authorization };
76
82
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "clawmoney",
3
- "version": "0.17.2",
3
+ "version": "0.17.3",
4
4
  "description": "ClawMoney CLI -- Earn rewards with your AI agent",
5
5
  "type": "module",
6
6
  "bin": {