moltspay 0.7.2 → 0.8.0

package/dist/server/index.d.mts

@@ -69,11 +69,15 @@ interface MoltsPayServerOptions {
     port?: number;
     host?: string;
     chargeExpirySecs?: number;
+    /** Private key for claiming payments (can also use MOLTSPAY_PRIVATE_KEY env) */
+    privateKey?: string;
 }
 
 /**
  * MoltsPay Server - Payment infrastructure for AI Agents
  *
+ * Uses x402 protocol for gasless, pay-for-success payments.
+ *
  * Usage:
  *   const server = new MoltsPayServer('./moltspay.services.json');
  *   server.skill('text-to-video', async (params) => { ... });
@@ -83,8 +87,9 @@ interface MoltsPayServerOptions {
 declare class MoltsPayServer {
     private manifest;
     private skills;
-    private charges;
     private options;
+    private provider;
+    private wallet;
     constructor(servicesPath: string, options?: MoltsPayServerOptions);
     /**
      * Register a skill handler for a service
@@ -100,19 +105,23 @@ declare class MoltsPayServer {
      */
     private handleGetServices;
     /**
-     * POST /pay - Create payment request
+     * POST /execute - Execute service with x402 payment
      * Body: { service: string, params: object }
+     * Header: X-Payment (optional - if missing, returns 402)
+     */
+    private handleExecute;
+    /**
+     * Return 402 with x402 payment requirements
      */
-    private handlePay;
+    private sendPaymentRequired;
     /**
-     * POST /verify - Verify payment and execute skill
-     * Body: { chargeId: string, txHash: string }
+     * Validate x402 payment payload
      */
-    private handleVerify;
+    private validatePayment;
     /**
-     * GET /status/:chargeId - Check charge status
+     * Claim payment using transferWithAuthorization
      */
-    private handleStatus;
+    private claimPayment;
     private readBody;
     private sendJson;
 }

package/dist/server/index.d.ts

@@ -69,11 +69,15 @@ interface MoltsPayServerOptions {
     port?: number;
     host?: string;
     chargeExpirySecs?: number;
+    /** Private key for claiming payments (can also use MOLTSPAY_PRIVATE_KEY env) */
+    privateKey?: string;
 }
 
 /**
  * MoltsPay Server - Payment infrastructure for AI Agents
  *
+ * Uses x402 protocol for gasless, pay-for-success payments.
+ *
  * Usage:
  *   const server = new MoltsPayServer('./moltspay.services.json');
  *   server.skill('text-to-video', async (params) => { ... });
@@ -83,8 +87,9 @@ interface MoltsPayServerOptions {
 declare class MoltsPayServer {
     private manifest;
     private skills;
-    private charges;
     private options;
+    private provider;
+    private wallet;
     constructor(servicesPath: string, options?: MoltsPayServerOptions);
     /**
      * Register a skill handler for a service
@@ -100,19 +105,23 @@ declare class MoltsPayServer {
      */
     private handleGetServices;
     /**
-     * POST /pay - Create payment request
+     * POST /execute - Execute service with x402 payment
      * Body: { service: string, params: object }
+     * Header: X-Payment (optional - if missing, returns 402)
+     */
+    private handleExecute;
+    /**
+     * Return 402 with x402 payment requirements
      */
-    private handlePay;
+    private sendPaymentRequired;
     /**
-     * POST /verify - Verify payment and execute skill
-     * Body: { chargeId: string, txHash: string }
+     * Validate x402 payment payload
      */
-    private handleVerify;
+    private validatePayment;
     /**
-     * GET /status/:chargeId - Check charge status
+     * Claim payment using transferWithAuthorization
      */
-    private handleStatus;
+    private claimPayment;
     private readBody;
     private sendJson;
 }

package/dist/server/index.js

@@ -25,8 +25,6 @@ __export(server_exports, {
 module.exports = __toCommonJS(server_exports);
 var import_fs = require("fs");
 var import_http = require("http");
-
-// src/verify/index.ts
 var import_ethers = require("ethers");
 
 // src/chains/index.ts
@@ -86,101 +84,39 @@ function getChain(name) {
   }
   return config;
 }
-function getChainById(chainId) {
-  return Object.values(CHAINS).find((c) => c.chainId === chainId);
-}
-
-// src/verify/index.ts
-var TRANSFER_EVENT_TOPIC = import_ethers.ethers.id("Transfer(address,address,uint256)");
-async function verifyPayment(params) {
-  const { txHash, expectedAmount, expectedTo } = params;
-  let chain;
-  try {
-    if (typeof params.chain === "number") {
-      chain = getChainById(params.chain);
-    } else {
-      chain = getChain(params.chain || "base");
-    }
-    if (!chain) {
-      return { verified: false, error: `Unsupported chain: ${params.chain}` };
-    }
-  } catch (e) {
-    return { verified: false, error: `Unsupported chain: ${params.chain}` };
-  }
-  try {
-    const provider = new import_ethers.ethers.JsonRpcProvider(chain.rpc);
-    const receipt = await provider.getTransactionReceipt(txHash);
-    if (!receipt) {
-      return { verified: false, error: "Transaction not found or not confirmed" };
-    }
-    if (receipt.status !== 1) {
-      return { verified: false, error: "Transaction failed" };
-    }
-    const usdcAddress = chain.usdc?.toLowerCase();
-    if (!usdcAddress) {
-      return { verified: false, error: `Chain ${chain.name} USDC address not configured` };
-    }
-    for (const log of receipt.logs) {
-      if (log.address.toLowerCase() !== usdcAddress) {
-        continue;
-      }
-      if (log.topics.length < 3 || log.topics[0] !== TRANSFER_EVENT_TOPIC) {
-        continue;
-      }
-      const from = "0x" + log.topics[1].slice(-40);
-      const to = "0x" + log.topics[2].slice(-40);
-      const amountRaw = BigInt(log.data);
-      const amount = Number(amountRaw) / 1e6;
-      if (expectedTo && to.toLowerCase() !== expectedTo.toLowerCase()) {
-        continue;
-      }
-      if (amount < expectedAmount) {
-        return {
-          verified: false,
-          error: `Insufficient amount: received ${amount} USDC, expected ${expectedAmount} USDC`,
-          amount,
-          from,
-          to,
-          txHash,
-          blockNumber: receipt.blockNumber
-        };
-      }
-      return {
-        verified: true,
-        amount,
-        from,
-        to,
-        txHash,
-        blockNumber: receipt.blockNumber
-      };
-    }
-    return { verified: false, error: "No USDC transfer found" };
-  } catch (e) {
-    return { verified: false, error: e.message || String(e) };
-  }
-}
 
 // src/server/index.ts
-function generateChargeId() {
-  return "ch_" + Math.random().toString(36).substring(2, 15);
-}
+var X402_VERSION = 2;
+var PAYMENT_REQUIRED_HEADER = "x-payment-required";
+var PAYMENT_HEADER = "x-payment";
 var MoltsPayServer = class {
   manifest;
   skills = /* @__PURE__ */ new Map();
-  charges = /* @__PURE__ */ new Map();
   options;
+  provider = null;
+  wallet = null;
   constructor(servicesPath, options = {}) {
     const content = (0, import_fs.readFileSync)(servicesPath, "utf-8");
     this.manifest = JSON.parse(content);
     this.options = {
       port: options.port || 3e3,
       host: options.host || "0.0.0.0",
-      chargeExpirySecs: options.chargeExpirySecs || 300
-      // 5 minutes
+      privateKey: options.privateKey || process.env.MOLTSPAY_PRIVATE_KEY
     };
+    if (this.options.privateKey) {
+      try {
+        const chain = getChain(this.manifest.provider.chain);
+        this.provider = new import_ethers.ethers.JsonRpcProvider(chain.rpc);
+        this.wallet = new import_ethers.ethers.Wallet(this.options.privateKey, this.provider);
+        console.log(`[MoltsPay] Payment wallet: ${this.wallet.address}`);
+      } catch (err) {
+        console.warn("[MoltsPay] Warning: Could not initialize wallet for payment claims");
+      }
+    }
     console.log(`[MoltsPay] Loaded ${this.manifest.services.length} services from ${servicesPath}`);
     console.log(`[MoltsPay] Provider: ${this.manifest.provider.name}`);
-    console.log(`[MoltsPay] Wallet: ${this.manifest.provider.wallet}`);
+    console.log(`[MoltsPay] Receive wallet: ${this.manifest.provider.wallet}`);
+    console.log(`[MoltsPay] Protocol: x402 (gasless, pay-for-success)`);
   }
   /**
    * Register a skill handler for a service
@@ -207,10 +143,8 @@ var MoltsPayServer = class {
     server.listen(p, this.options.host, () => {
       console.log(`[MoltsPay] Server listening on http://${this.options.host}:${p}`);
       console.log(`[MoltsPay] Endpoints:`);
-      console.log(`  GET  /services  - List available services`);
-      console.log(`  POST /pay       - Create payment & execute service`);
-      console.log(`  POST /verify    - Verify payment & get result`);
-      console.log(`  GET  /status/:id - Check charge status`);
+      console.log(`  GET  /services     - List available services`);
+      console.log(`  POST /execute      - Execute service (x402 payment)`);
     });
   }
   async handleRequest(req, res) {
@@ -219,7 +153,8 @@ var MoltsPayServer = class {
     const method = req.method || "GET";
     res.setHeader("Access-Control-Allow-Origin", "*");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, X-Payment");
+    res.setHeader("Access-Control-Expose-Headers", "X-Payment-Required, X-Payment-Response");
     if (method === "OPTIONS") {
       res.writeHead(204);
       res.end();
@@ -229,17 +164,10 @@ var MoltsPayServer = class {
       if (method === "GET" && path === "/services") {
         return this.handleGetServices(res);
       }
-      if (method === "POST" && path === "/pay") {
-        const body = await this.readBody(req);
-        return this.handlePay(body, res);
-      }
-      if (method === "POST" && path === "/verify") {
+      if (method === "POST" && path === "/execute") {
         const body = await this.readBody(req);
-        return this.handleVerify(body, res);
-      }
-      if (method === "GET" && path.startsWith("/status/")) {
-        const chargeId = path.replace("/status/", "");
-        return this.handleStatus(chargeId, res);
+        const paymentHeader = req.headers[PAYMENT_HEADER];
+        return this.handleExecute(body, paymentHeader, res);
       }
       this.sendJson(res, 404, { error: "Not found" });
     } catch (err) {
@@ -251,6 +179,7 @@ var MoltsPayServer = class {
    * GET /services - List available services
    */
   handleGetServices(res) {
+    const chain = getChain(this.manifest.provider.chain);
     const services = this.manifest.services.map((s) => ({
       id: s.id,
       name: s.name,
@@ -263,14 +192,20 @@ var MoltsPayServer = class {
     }));
     this.sendJson(res, 200, {
       provider: this.manifest.provider,
-      services
+      services,
+      x402: {
+        version: X402_VERSION,
+        network: `eip155:${chain.chainId}`,
+        schemes: ["exact"]
+      }
     });
   }
   /**
-   * POST /pay - Create payment request
+   * POST /execute - Execute service with x402 payment
    * Body: { service: string, params: object }
+   * Header: X-Payment (optional - if missing, returns 402)
    */
-  handlePay(body, res) {
+  async handleExecute(body, paymentHeader, res) {
     const { service, params } = body;
     if (!service) {
       return this.sendJson(res, 400, { error: "Missing service" });
@@ -284,113 +219,129 @@ var MoltsPayServer = class {
         return this.sendJson(res, 400, { error: `Missing required param: ${key}` });
       }
     }
-    const chargeId = generateChargeId();
-    const now = Date.now();
-    const charge = {
-      id: chargeId,
-      service,
-      params: params || {},
-      amount: skill.config.price,
-      currency: skill.config.currency,
-      status: "pending",
-      createdAt: now,
-      expiresAt: now + this.options.chargeExpirySecs * 1e3
-    };
-    this.charges.set(chargeId, charge);
-    const paymentRequest = {
-      chargeId,
-      service,
-      amount: charge.amount,
-      currency: charge.currency,
-      wallet: this.manifest.provider.wallet,
-      chain: this.manifest.provider.chain,
-      expiresAt: charge.expiresAt
-    };
-    this.sendJson(res, 402, {
-      message: "Payment required",
-      payment: paymentRequest
+    if (!paymentHeader) {
+      return this.sendPaymentRequired(skill.config, res);
+    }
+    let payment;
+    try {
+      const decoded = Buffer.from(paymentHeader, "base64").toString("utf-8");
+      payment = JSON.parse(decoded);
+    } catch {
+      return this.sendJson(res, 400, { error: "Invalid X-Payment header" });
+    }
+    const validation = this.validatePayment(payment, skill.config);
+    if (!validation.valid) {
+      return this.sendJson(res, 402, { error: validation.error });
+    }
+    console.log(`[MoltsPay] Executing skill: ${service}`);
+    let result;
+    try {
+      result = await skill.handler(params || {});
+    } catch (err) {
+      console.error("[MoltsPay] Skill execution failed:", err.message);
+      return this.sendJson(res, 500, {
+        error: "Service execution failed",
+        message: err.message
+      });
+    }
+    console.log(`[MoltsPay] Skill succeeded, claiming payment...`);
+    let txHash = null;
+    try {
+      txHash = await this.claimPayment(payment);
+      console.log(`[MoltsPay] Payment claimed: ${txHash}`);
+    } catch (err) {
+      console.error("[MoltsPay] Payment claim failed:", err.message);
+    }
+    this.sendJson(res, 200, {
+      success: true,
+      result,
+      payment: txHash ? { txHash, status: "claimed" } : { status: "pending" }
     });
   }
   /**
-   * POST /verify - Verify payment and execute skill
-   * Body: { chargeId: string, txHash: string }
+   * Return 402 with x402 payment requirements
    */
-  async handleVerify(body, res) {
-    const { chargeId, txHash } = body;
-    if (!chargeId || !txHash) {
-      return this.sendJson(res, 400, { error: "Missing chargeId or txHash" });
+  sendPaymentRequired(config, res) {
+    const chain = getChain(this.manifest.provider.chain);
+    const amountInUnits = Math.floor(config.price * 1e6).toString();
+    const requirements = [{
+      scheme: "exact",
+      network: `eip155:${chain.chainId}`,
+      maxAmountRequired: amountInUnits,
+      resource: this.manifest.provider.wallet,
+      description: `${config.name} - $${config.price} ${config.currency}`
+    }];
+    const encoded = Buffer.from(JSON.stringify(requirements)).toString("base64");
+    res.writeHead(402, {
+      "Content-Type": "application/json",
+      [PAYMENT_REQUIRED_HEADER]: encoded
+    });
+    res.end(JSON.stringify({
+      error: "Payment required",
+      message: `Service requires $${config.price} ${config.currency}`,
+      x402: requirements[0]
+    }, null, 2));
+  }
+  /**
+   * Validate x402 payment payload
+   */
+  validatePayment(payment, config) {
+    if (payment.x402Version !== X402_VERSION) {
+      return { valid: false, error: `Unsupported x402 version: ${payment.x402Version}` };
     }
-    const charge = this.charges.get(chargeId);
-    if (!charge) {
-      return this.sendJson(res, 404, { error: "Charge not found" });
+    if (payment.scheme !== "exact") {
+      return { valid: false, error: `Unsupported scheme: ${payment.scheme}` };
     }
-    if (Date.now() > charge.expiresAt) {
-      charge.status = "expired";
-      return this.sendJson(res, 400, { error: "Charge expired" });
+    const chain = getChain(this.manifest.provider.chain);
+    const expectedNetwork = `eip155:${chain.chainId}`;
+    if (payment.network !== expectedNetwork) {
+      return { valid: false, error: `Network mismatch: expected ${expectedNetwork}` };
     }
-    if (charge.status === "completed") {
-      return this.sendJson(res, 200, {
-        status: "completed",
-        result: charge.result
-      });
+    const auth = payment.payload.authorization;
+    if (auth.to.toLowerCase() !== this.manifest.provider.wallet.toLowerCase()) {
+      return { valid: false, error: "Payment recipient mismatch" };
     }
-    try {
-      const verification = await verifyPayment({
-        txHash,
-        expectedTo: this.manifest.provider.wallet,
-        expectedAmount: charge.amount,
-        chain: this.manifest.provider.chain
-      });
-      if (!verification.verified) {
-        charge.status = "failed";
-        return this.sendJson(res, 400, {
-          error: "Payment verification failed",
-          reason: verification.error
-        });
-      }
-      charge.status = "paid";
-      charge.txHash = txHash;
-      charge.paidAt = Date.now();
-      const skill = this.skills.get(charge.service);
-      console.log(`[MoltsPay] Executing skill: ${charge.service}`);
-      const result = await skill.handler(charge.params);
-      charge.status = "completed";
-      charge.result = result;
-      charge.completedAt = Date.now();
-      this.sendJson(res, 200, {
-        status: "completed",
-        chargeId,
-        txHash,
-        result
-      });
-    } catch (err) {
-      console.error("[MoltsPay] Skill execution error:", err);
-      charge.status = "failed";
-      this.sendJson(res, 500, {
-        error: "Skill execution failed",
-        message: err.message
-      });
+    const amount = Number(auth.value) / 1e6;
+    if (amount < config.price) {
+      return { valid: false, error: `Insufficient amount: $${amount} < $${config.price}` };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (Number(auth.validBefore) < now) {
+      return { valid: false, error: "Payment authorization expired" };
     }
+    if (Number(auth.validAfter) > now) {
+      return { valid: false, error: "Payment authorization not yet valid" };
+    }
+    return { valid: true };
   }
   /**
-   * GET /status/:chargeId - Check charge status
+   * Claim payment using transferWithAuthorization
    */
-  handleStatus(chargeId, res) {
-    const charge = this.charges.get(chargeId);
-    if (!charge) {
-      return this.sendJson(res, 404, { error: "Charge not found" });
+  async claimPayment(payment) {
+    if (!this.wallet || !this.provider) {
+      throw new Error("Wallet not configured for payment claims");
     }
-    this.sendJson(res, 200, {
-      chargeId: charge.id,
-      service: charge.service,
-      amount: charge.amount,
-      currency: charge.currency,
-      status: charge.status,
-      txHash: charge.txHash,
-      result: charge.status === "completed" ? charge.result : void 0,
-      createdAt: charge.createdAt,
-      expiresAt: charge.expiresAt
-    });
+    const chain = getChain(this.manifest.provider.chain);
+    const auth = payment.payload.authorization;
+    const sig = payment.payload.signature;
+    const { r, s, v } = import_ethers.ethers.Signature.from(sig);
+    const usdcAbi = [
+      "function transferWithAuthorization(address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s)"
+    ];
+    const usdc = new import_ethers.ethers.Contract(chain.usdc, usdcAbi, this.wallet);
+    const tx = await usdc.transferWithAuthorization(
+      auth.from,
+      auth.to,
+      auth.value,
+      auth.validAfter,
+      auth.validBefore,
+      auth.nonce,
+      v,
+      r,
+      s
+    );
+    const receipt = await tx.wait();
+    return receipt.hash;
   }
   async readBody(req) {
     return new Promise((resolve, reject) => {