moltspay 0.8.0 → 0.8.1

package/dist/cli/index.js

@@ -367,38 +367,29 @@ var MoltsPayClient = class {
 // src/server/index.ts
 var import_fs2 = require("fs");
 var import_http = require("http");
-var import_ethers2 = require("ethers");
 var X402_VERSION2 = 2;
 var PAYMENT_REQUIRED_HEADER2 = "x-payment-required";
 var PAYMENT_HEADER2 = "x-payment";
+var PAYMENT_RESPONSE_HEADER = "x-payment-response";
+var DEFAULT_FACILITATOR_URL = "https://x402.org/facilitator";
 var MoltsPayServer = class {
   manifest;
   skills = /* @__PURE__ */ new Map();
   options;
-  provider = null;
-  wallet = null;
+  facilitatorUrl;
   constructor(servicesPath, options = {}) {
     const content = (0, import_fs2.readFileSync)(servicesPath, "utf-8");
     this.manifest = JSON.parse(content);
     this.options = {
       port: options.port || 3e3,
-      host: options.host || "0.0.0.0",
-      privateKey: options.privateKey || process.env.MOLTSPAY_PRIVATE_KEY
+      host: options.host || "0.0.0.0"
     };
-    if (this.options.privateKey) {
-      try {
-        const chain = getChain(this.manifest.provider.chain);
-        this.provider = new import_ethers2.ethers.JsonRpcProvider(chain.rpc);
-        this.wallet = new import_ethers2.ethers.Wallet(this.options.privateKey, this.provider);
-        console.log(`[MoltsPay] Payment wallet: ${this.wallet.address}`);
-      } catch (err) {
-        console.warn("[MoltsPay] Warning: Could not initialize wallet for payment claims");
-      }
-    }
+    this.facilitatorUrl = options.facilitatorUrl || DEFAULT_FACILITATOR_URL;
     console.log(`[MoltsPay] Loaded ${this.manifest.services.length} services from ${servicesPath}`);
     console.log(`[MoltsPay] Provider: ${this.manifest.provider.name}`);
     console.log(`[MoltsPay] Receive wallet: ${this.manifest.provider.wallet}`);
-    console.log(`[MoltsPay] Protocol: x402 (gasless, pay-for-success)`);
+    console.log(`[MoltsPay] Facilitator: ${this.facilitatorUrl}`);
+    console.log(`[MoltsPay] Protocol: x402 (gasless for both client AND server)`);
   }
   /**
    * Register a skill handler for a service
@@ -408,48 +399,45 @@ var MoltsPayServer = class {
     if (!config) {
       throw new Error(`Service '${serviceId}' not found in manifest`);
     }
-    this.skills.set(serviceId, {
-      id: serviceId,
-      config,
-      handler
-    });
-    console.log(`[MoltsPay] Registered skill: ${serviceId} ($${config.price} ${config.currency})`);
+    this.skills.set(serviceId, { id: serviceId, config, handler });
     return this;
   }
   /**
-   * Start the server
+   * Start HTTP server
    */
   listen(port) {
-    const p = port || this.options.port;
+    const p = port || this.options.port || 3e3;
+    const host = this.options.host || "0.0.0.0";
     const server = (0, import_http.createServer)((req, res) => this.handleRequest(req, res));
-    server.listen(p, this.options.host, () => {
-      console.log(`[MoltsPay] Server listening on http://${this.options.host}:${p}`);
+    server.listen(p, host, () => {
+      console.log(`[MoltsPay] Server listening on http://${host}:${p}`);
       console.log(`[MoltsPay] Endpoints:`);
       console.log(`  GET  /services     - List available services`);
       console.log(`  POST /execute      - Execute service (x402 payment)`);
     });
   }
+  /**
+   * Handle incoming request
+   */
   async handleRequest(req, res) {
-    const url = new URL(req.url || "/", `http://${req.headers.host}`);
-    const path = url.pathname;
-    const method = req.method || "GET";
     res.setHeader("Access-Control-Allow-Origin", "*");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
     res.setHeader("Access-Control-Allow-Headers", "Content-Type, X-Payment");
     res.setHeader("Access-Control-Expose-Headers", "X-Payment-Required, X-Payment-Response");
-    if (method === "OPTIONS") {
+    if (req.method === "OPTIONS") {
       res.writeHead(204);
       res.end();
       return;
     }
     try {
-      if (method === "GET" && path === "/services") {
+      const url = new URL(req.url || "/", `http://${req.headers.host}`);
+      if (url.pathname === "/services" && req.method === "GET") {
         return this.handleGetServices(res);
       }
-      if (method === "POST" && path === "/execute") {
+      if (url.pathname === "/execute" && req.method === "POST") {
         const body = await this.readBody(req);
         const paymentHeader = req.headers[PAYMENT_HEADER2];
-        return this.handleExecute(body, paymentHeader, res);
+        return await this.handleExecute(body, paymentHeader, res);
       }
       this.sendJson(res, 404, { error: "Not found" });
     } catch (err) {
@@ -478,7 +466,8 @@ var MoltsPayServer = class {
       x402: {
         version: X402_VERSION2,
         network: `eip155:${chain.chainId}`,
-        schemes: ["exact"]
+        schemes: ["exact"],
+        facilitator: this.facilitatorUrl
       }
     });
   }
@@ -515,6 +504,11 @@ var MoltsPayServer = class {
     if (!validation.valid) {
       return this.sendJson(res, 402, { error: validation.error });
     }
+    console.log(`[MoltsPay] Verifying payment with facilitator...`);
+    const verifyResult = await this.verifyWithFacilitator(payment, skill.config);
+    if (!verifyResult.valid) {
+      return this.sendJson(res, 402, { error: `Payment verification failed: ${verifyResult.error}` });
+    }
     console.log(`[MoltsPay] Executing skill: ${service}`);
     let result;
     try {
@@ -526,19 +520,30 @@ var MoltsPayServer = class {
         message: err.message
       });
     }
-    console.log(`[MoltsPay] Skill succeeded, claiming payment...`);
-    let txHash = null;
+    console.log(`[MoltsPay] Skill succeeded, settling payment...`);
+    let settlement = null;
     try {
-      txHash = await this.claimPayment(payment);
-      console.log(`[MoltsPay] Payment claimed: ${txHash}`);
+      settlement = await this.settleWithFacilitator(payment, skill.config);
+      console.log(`[MoltsPay] Payment settled: ${settlement.transaction || "pending"}`);
     } catch (err) {
-      console.error("[MoltsPay] Payment claim failed:", err.message);
+      console.error("[MoltsPay] Settlement failed:", err.message);
+    }
+    const responseHeaders = {};
+    if (settlement) {
+      const responsePayload = {
+        success: true,
+        transaction: settlement.transaction,
+        network: payment.network
+      };
+      responseHeaders[PAYMENT_RESPONSE_HEADER] = Buffer.from(
+        JSON.stringify(responsePayload)
+      ).toString("base64");
     }
     this.sendJson(res, 200, {
       success: true,
       result,
-      payment: txHash ? { txHash, status: "claimed" } : { status: "pending" }
-    });
+      payment: settlement ? { transaction: settlement.transaction, status: "settled" } : { status: "pending" }
+    }, responseHeaders);
   }
   /**
    * Return 402 with x402 payment requirements
@@ -551,7 +556,9 @@ var MoltsPayServer = class {
       network: `eip155:${chain.chainId}`,
       maxAmountRequired: amountInUnits,
       resource: this.manifest.provider.wallet,
-      description: `${config.name} - $${config.price} ${config.currency}`
+      description: `${config.name} - $${config.price} ${config.currency}`,
+      // Include facilitator info for client
+      extra: JSON.stringify({ facilitator: this.facilitatorUrl })
     }];
     const encoded = Buffer.from(JSON.stringify(requirements)).toString("base64");
     res.writeHead(402, {
@@ -565,7 +572,7 @@ var MoltsPayServer = class {
     }, null, 2));
   }
   /**
-   * Validate x402 payment payload
+   * Basic payment validation (before calling facilitator)
    */
   validatePayment(payment, config) {
     if (payment.x402Version !== X402_VERSION2) {
@@ -579,51 +586,66 @@ var MoltsPayServer = class {
     if (payment.network !== expectedNetwork) {
       return { valid: false, error: `Network mismatch: expected ${expectedNetwork}` };
     }
-    const auth = payment.payload.authorization;
-    if (auth.to.toLowerCase() !== this.manifest.provider.wallet.toLowerCase()) {
-      return { valid: false, error: "Payment recipient mismatch" };
-    }
-    const amount = Number(auth.value) / 1e6;
-    if (amount < config.price) {
-      return { valid: false, error: `Insufficient amount: $${amount} < $${config.price}` };
-    }
-    const now = Math.floor(Date.now() / 1e3);
-    if (Number(auth.validBefore) < now) {
-      return { valid: false, error: "Payment authorization expired" };
-    }
-    if (Number(auth.validAfter) > now) {
-      return { valid: false, error: "Payment authorization not yet valid" };
-    }
     return { valid: true };
   }
   /**
-   * Claim payment using transferWithAuthorization
+   * Verify payment with facilitator
    */
-  async claimPayment(payment) {
-    if (!this.wallet || !this.provider) {
-      throw new Error("Wallet not configured for payment claims");
+  async verifyWithFacilitator(payment, config) {
+    try {
+      const chain = getChain(this.manifest.provider.chain);
+      const amountInUnits = Math.floor(config.price * 1e6).toString();
+      const requirements = {
+        scheme: "exact",
+        network: `eip155:${chain.chainId}`,
+        maxAmountRequired: amountInUnits,
+        resource: this.manifest.provider.wallet
+      };
+      const response = await fetch(`${this.facilitatorUrl}/verify`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          paymentPayload: payment,
+          paymentRequirements: requirements
+        })
+      });
+      const result = await response.json();
+      if (!response.ok || !result.isValid) {
+        return { valid: false, error: result.invalidReason || "Verification failed" };
+      }
+      return { valid: true };
+    } catch (err) {
+      return { valid: false, error: `Facilitator error: ${err.message}` };
     }
+  }
+  /**
+   * Settle payment with facilitator (execute on-chain transfer)
+   */
+  async settleWithFacilitator(payment, config) {
     const chain = getChain(this.manifest.provider.chain);
-    const auth = payment.payload.authorization;
-    const sig = payment.payload.signature;
-    const { r, s, v } = import_ethers2.ethers.Signature.from(sig);
-    const usdcAbi = [
-      "function transferWithAuthorization(address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s)"
-    ];
-    const usdc = new import_ethers2.ethers.Contract(chain.usdc, usdcAbi, this.wallet);
-    const tx = await usdc.transferWithAuthorization(
-      auth.from,
-      auth.to,
-      auth.value,
-      auth.validAfter,
-      auth.validBefore,
-      auth.nonce,
-      v,
-      r,
-      s
-    );
-    const receipt = await tx.wait();
-    return receipt.hash;
+    const amountInUnits = Math.floor(config.price * 1e6).toString();
+    const requirements = {
+      scheme: "exact",
+      network: `eip155:${chain.chainId}`,
+      maxAmountRequired: amountInUnits,
+      resource: this.manifest.provider.wallet
+    };
+    const response = await fetch(`${this.facilitatorUrl}/settle`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        paymentPayload: payment,
+        paymentRequirements: requirements
+      })
+    });
+    const result = await response.json();
+    if (!response.ok) {
+      throw new Error(result.error || "Settlement failed");
+    }
+    return {
+      transaction: result.transaction,
+      status: result.status || "settled"
+    };
   }
   async readBody(req) {
     return new Promise((resolve2, reject) => {
@@ -639,8 +661,12 @@ var MoltsPayServer = class {
       req.on("error", reject);
     });
   }
-  sendJson(res, status, data) {
-    res.writeHead(status, { "Content-Type": "application/json" });
+  sendJson(res, status, data, extraHeaders) {
+    const headers = { "Content-Type": "application/json" };
+    if (extraHeaders) {
+      Object.assign(headers, extraHeaders);
+    }
+    res.writeHead(status, headers);
     res.end(JSON.stringify(data, null, 2));
   }
 };
@@ -801,7 +827,7 @@ program.command("services <url>").description("List services from a provider").o
     console.error("\u274C Error:", err.message);
   }
 });
-program.command("start <manifest>").description("Start MoltsPay server from services manifest").option("-p, --port <port>", "Port to listen on", "3000").option("--host <host>", "Host to bind", "0.0.0.0").option("--private-key <key>", "Private key for claiming payments (or use MOLTSPAY_PRIVATE_KEY env)").action(async (manifest, options) => {
+program.command("start <manifest>").description("Start MoltsPay server from services manifest").option("-p, --port <port>", "Port to listen on", "3000").option("--host <host>", "Host to bind", "0.0.0.0").option("--facilitator <url>", "x402 facilitator URL (default: https://x402.org/facilitator)").action(async (manifest, options) => {
   const manifestPath = (0, import_path2.resolve)(manifest);
   if (!(0, import_fs3.existsSync)(manifestPath)) {
     console.error(`\u274C Manifest not found: ${manifestPath}`);
@@ -809,16 +835,15 @@ program.command("start <manifest>").description("Start MoltsPay server from serv
   }
   const port = parseInt(options.port, 10);
   const host = options.host;
-  const privateKey = options.privateKey || process.env.MOLTSPAY_PRIVATE_KEY;
+  const facilitatorUrl = options.facilitator;
   console.log(`
 \u{1F680} Starting MoltsPay Server (x402 protocol)
 `);
   console.log(`   Manifest: ${manifestPath}`);
   console.log(`   Port: ${port}`);
-  console.log(`   Payment claims: ${privateKey ? "enabled" : "disabled (no private key)"}`);
   console.log("");
   try {
-    const server = new MoltsPayServer(manifestPath, { port, host, privateKey });
+    const server = new MoltsPayServer(manifestPath, { port, host, facilitatorUrl });
     const manifestContent = await import("fs").then(
       (fs) => JSON.parse(fs.readFileSync(manifestPath, "utf-8"))
     );