moltspay 1.2.1 → 1.3.0

package/dist/server/index.mjs

@@ -229,6 +229,236 @@ var CDPFacilitator = class extends BaseFacilitator {
   }
 };
 
+// src/chains/index.ts
+var CHAINS = {
+  // ============ Mainnet ============
+  base: {
+    name: "Base",
+    chainId: 8453,
+    rpc: "https://mainnet.base.org",
+    tokens: {
+      USDC: {
+        address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+        // EIP-712 domain name
+      },
+      USDT: {
+        address: "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2",
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+    // deprecated, for backward compat
+    explorer: "https://basescan.org/address/",
+    explorerTx: "https://basescan.org/tx/",
+    avgBlockTime: 2
+  },
+  polygon: {
+    name: "Polygon",
+    chainId: 137,
+    rpc: "https://polygon-bor-rpc.publicnode.com",
+    tokens: {
+      USDC: {
+        address: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0xc2132D05D31c914a87C6611C10748AEb04B58e8F",
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "(PoS) Tether USD"
+        // Polygon uses this name
+      }
+    },
+    usdc: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
+    explorer: "https://polygonscan.com/address/",
+    explorerTx: "https://polygonscan.com/tx/",
+    avgBlockTime: 2
+  },
+  // ============ Testnet ============
+  base_sepolia: {
+    name: "Base Sepolia",
+    chainId: 84532,
+    rpc: "https://sepolia.base.org",
+    tokens: {
+      USDC: {
+        address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "USDC"
+        // Testnet USDC uses 'USDC' not 'USD Coin'
+      },
+      USDT: {
+        address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+        // Same as USDC on testnet (no official USDT)
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "USDC"
+        // Uses same contract as USDC
+      }
+    },
+    usdc: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+    explorer: "https://sepolia.basescan.org/address/",
+    explorerTx: "https://sepolia.basescan.org/tx/",
+    avgBlockTime: 2
+  },
+  // ============ Tempo Testnet (Moderato) ============
+  tempo_moderato: {
+    name: "Tempo Moderato",
+    chainId: 42431,
+    rpc: "https://rpc.moderato.tempo.xyz",
+    tokens: {
+      // TIP-20 stablecoins on Tempo testnet (from mppx SDK)
+      // Note: Tempo uses USD as native gas token, not ETH
+      USDC: {
+        address: "0x20c0000000000000000000000000000000000000",
+        // pathUSD - primary testnet stablecoin
+        decimals: 6,
+        symbol: "USDC",
+        eip712Name: "pathUSD"
+      },
+      USDT: {
+        address: "0x20c0000000000000000000000000000000000001",
+        // alphaUSD
+        decimals: 6,
+        symbol: "USDT",
+        eip712Name: "alphaUSD"
+      }
+    },
+    usdc: "0x20c0000000000000000000000000000000000000",
+    explorer: "https://explore.testnet.tempo.xyz/address/",
+    explorerTx: "https://explore.testnet.tempo.xyz/tx/",
+    avgBlockTime: 0.5
+    // ~500ms finality
+  }
+};
+
+// src/facilitators/tempo.ts
+var TRANSFER_EVENT_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
+var TempoFacilitator = class extends BaseFacilitator {
+  name = "tempo";
+  displayName = "Tempo Testnet";
+  supportedNetworks = ["eip155:42431"];
+  // Tempo Moderato
+  rpcUrl;
+  constructor() {
+    super();
+    this.rpcUrl = CHAINS.tempo_moderato.rpc;
+  }
+  async healthCheck() {
+    const start = Date.now();
+    try {
+      const response = await fetch(this.rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "eth_chainId",
+          params: [],
+          id: 1
+        })
+      });
+      const data = await response.json();
+      const chainId = parseInt(data.result, 16);
+      if (chainId !== 42431) {
+        return { healthy: false, error: `Wrong chainId: ${chainId}` };
+      }
+      return { healthy: true, latencyMs: Date.now() - start };
+    } catch (error) {
+      return { healthy: false, error: String(error) };
+    }
+  }
+  async verify(paymentPayload, requirements) {
+    try {
+      const tempoPayload = paymentPayload.payload;
+      if (!tempoPayload?.txHash) {
+        return { valid: false, error: "Missing txHash in payment payload" };
+      }
+      const receipt = await this.getTransactionReceipt(tempoPayload.txHash);
+      if (!receipt) {
+        return { valid: false, error: "Transaction not found" };
+      }
+      if (receipt.status !== "0x1") {
+        return { valid: false, error: "Transaction failed" };
+      }
+      const transferLog = receipt.logs.find(
+        (log) => log.topics[0] === TRANSFER_EVENT_TOPIC
+      );
+      if (!transferLog) {
+        return { valid: false, error: "No Transfer event found" };
+      }
+      const toAddress = "0x" + transferLog.topics[2].slice(26).toLowerCase();
+      const expectedTo = requirements.payTo.toLowerCase();
+      if (toAddress !== expectedTo) {
+        return {
+          valid: false,
+          error: `Wrong recipient: ${toAddress}, expected ${expectedTo}`
+        };
+      }
+      const amount = BigInt(transferLog.data);
+      const expectedAmount = BigInt(requirements.amount);
+      if (amount < expectedAmount) {
+        return {
+          valid: false,
+          error: `Insufficient amount: ${amount}, expected ${expectedAmount}`
+        };
+      }
+      const tokenAddress = transferLog.address.toLowerCase();
+      const expectedToken = requirements.asset.toLowerCase();
+      if (tokenAddress !== expectedToken) {
+        return {
+          valid: false,
+          error: `Wrong token: ${tokenAddress}, expected ${expectedToken}`
+        };
+      }
+      return {
+        valid: true,
+        details: {
+          txHash: tempoPayload.txHash,
+          from: "0x" + transferLog.topics[1].slice(26),
+          to: toAddress,
+          amount: amount.toString(),
+          token: tokenAddress
+        }
+      };
+    } catch (error) {
+      return { valid: false, error: `Verification failed: ${error}` };
+    }
+  }
+  async settle(paymentPayload, requirements) {
+    const verifyResult = await this.verify(paymentPayload, requirements);
+    if (!verifyResult.valid) {
+      return { success: false, error: verifyResult.error };
+    }
+    const tempoPayload = paymentPayload.payload;
+    return {
+      success: true,
+      transaction: tempoPayload.txHash,
+      status: "settled"
+    };
+  }
+  async getTransactionReceipt(txHash) {
+    const response = await fetch(this.rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        method: "eth_getTransactionReceipt",
+        params: [txHash],
+        id: 1
+      })
+    });
+    const data = await response.json();
+    return data.result;
+  }
+};
+
 // src/facilitators/registry.ts
 var FacilitatorRegistry = class {
   factories = /* @__PURE__ */ new Map();
@@ -237,7 +467,8 @@ var FacilitatorRegistry = class {
   roundRobinIndex = 0;
   constructor(selection) {
     this.registerFactory("cdp", (config) => new CDPFacilitator(config));
-    this.selection = selection || { primary: "cdp", strategy: "failover" };
+    this.registerFactory("tempo", () => new TempoFacilitator());
+    this.selection = selection || { primary: "cdp", fallback: ["tempo"], strategy: "failover" };
   }
   /**
    * Register a new facilitator factory
@@ -458,6 +689,9 @@ var X402_VERSION2 = 2;
 var PAYMENT_REQUIRED_HEADER = "x-payment-required";
 var PAYMENT_HEADER = "x-payment";
 var PAYMENT_RESPONSE_HEADER = "x-payment-response";
+var MPP_AUTH_HEADER = "authorization";
+var MPP_WWW_AUTH_HEADER = "www-authenticate";
+var MPP_RECEIPT_HEADER = "payment-receipt";
 var TOKEN_ADDRESSES = {
   "eip155:8453": {
     USDC: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
@@ -471,12 +705,20 @@ var TOKEN_ADDRESSES = {
   "eip155:137": {
     USDC: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
     USDT: "0xc2132D05D31c914a87C6611C10748AEb04B58e8F"
+  },
+  "eip155:42431": {
+    // Tempo Moderato testnet - TIP-20 stablecoins
+    USDC: "0x20c0000000000000000000000000000000000000",
+    // pathUSD
+    USDT: "0x20c0000000000000000000000000000000000001"
+    // alphaUSD
   }
 };
 var CHAIN_TO_NETWORK = {
   "base": "eip155:8453",
   "base_sepolia": "eip155:84532",
-  "polygon": "eip155:137"
+  "polygon": "eip155:137",
+  "tempo_moderato": "eip155:42431"
 };
 var TOKEN_DOMAINS = {
   // Base mainnet
@@ -494,6 +736,11 @@ var TOKEN_DOMAINS = {
   "eip155:137": {
     USDC: { name: "USD Coin", version: "2" },
     USDT: { name: "(PoS) Tether USD", version: "2" }
+  },
+  // Tempo Moderato testnet - TIP-20 stablecoins
+  "eip155:42431": {
+    USDC: { name: "pathUSD", version: "1" },
+    USDT: { name: "alphaUSD", version: "1" }
   }
 };
 function getTokenDomain(network, token) {
@@ -551,9 +798,11 @@ var MoltsPayServer = class {
     };
     this.useMainnet = process.env.USE_MAINNET?.toLowerCase() === "true";
     this.networkId = this.useMainnet ? "eip155:8453" : "eip155:84532";
+    const defaultFallback = ["tempo"];
+    const envFallback = process.env.FACILITATOR_FALLBACK?.split(",").filter(Boolean);
     const facilitatorConfig = options.facilitators || {
       primary: process.env.FACILITATOR_PRIMARY || "cdp",
-      fallback: process.env.FACILITATOR_FALLBACK?.split(",").filter(Boolean),
+      fallback: envFallback || defaultFallback,
       strategy: process.env.FACILITATOR_STRATEGY || "failover",
       config: {
         cdp: { useMainnet: this.useMainnet }
@@ -647,8 +896,8 @@ var MoltsPayServer = class {
   async handleRequest(req, res) {
     res.setHeader("Access-Control-Allow-Origin", "*");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type, X-Payment");
-    res.setHeader("Access-Control-Expose-Headers", "X-Payment-Required, X-Payment-Response");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, X-Payment, Authorization");
+    res.setHeader("Access-Control-Expose-Headers", "X-Payment-Required, X-Payment-Response, WWW-Authenticate, Payment-Receipt");
     if (req.method === "OPTIONS") {
       res.writeHead(204);
       res.end();
@@ -679,6 +928,14 @@ var MoltsPayServer = class {
         const paymentHeader = req.headers[PAYMENT_HEADER];
         return await this.handleProxy(body, paymentHeader, res);
       }
+      const servicePath = url.pathname.replace(/^\//, "");
+      const skill = this.skills.get(servicePath);
+      if (skill && (req.method === "POST" || req.method === "GET")) {
+        const body = req.method === "POST" ? await this.readBody(req) : {};
+        const authHeader = req.headers[MPP_AUTH_HEADER];
+        const x402Header = req.headers[PAYMENT_HEADER];
+        return await this.handleMPPRequest(skill, body, authHeader, x402Header, res);
+      }
       this.sendJson(res, 404, { error: "Not found" });
     } catch (err) {
       console.error("[MoltsPay] Error:", err);
@@ -862,6 +1119,187 @@ var MoltsPayServer = class {
       payment: settlement?.success ? { transaction: settlement.transaction, status: "settled", facilitator: settlement.facilitator } : { status: "pending" }
     }, responseHeaders);
   }
+  /**
+   * Handle MPP (Machine Payments Protocol) request
+   * Supports both x402 and MPP protocols on service endpoints
+   */
+  async handleMPPRequest(skill, body, authHeader, x402Header, res) {
+    const config = skill.config;
+    const params = body || {};
+    if (x402Header) {
+      return await this.handleExecute({ service: config.id, params }, x402Header, res);
+    }
+    if (authHeader && authHeader.toLowerCase().startsWith("payment ")) {
+      return await this.handleMPPPayment(skill, params, authHeader, res);
+    }
+    return this.sendMPPPaymentRequired(config, res);
+  }
+  /**
+   * Handle MPP payment verification and service execution
+   */
+  async handleMPPPayment(skill, params, authHeader, res) {
+    const config = skill.config;
+    const credentialMatch = authHeader.match(/Payment\s+(.+)/i);
+    if (!credentialMatch) {
+      return this.sendJson(res, 400, { error: "Invalid Authorization header format" });
+    }
+    let mppCredential;
+    try {
+      const base64 = credentialMatch[1].replace(/-/g, "+").replace(/_/g, "/");
+      const decoded = Buffer.from(base64, "base64").toString("utf-8");
+      mppCredential = JSON.parse(decoded);
+    } catch (err) {
+      console.error("[MoltsPay] Failed to parse MPP credential:", err);
+      return this.sendJson(res, 400, { error: "Invalid payment credential encoding" });
+    }
+    let txHash;
+    if (mppCredential.payload?.type === "hash" && mppCredential.payload?.hash) {
+      txHash = mppCredential.payload.hash;
+    } else if (mppCredential.payload?.type === "transaction") {
+      return this.sendJson(res, 400, {
+        error: "Transaction type not supported. Please use push mode (hash type)."
+      });
+    }
+    if (!txHash) {
+      return this.sendJson(res, 400, { error: "Missing transaction hash in credential" });
+    }
+    let chainId = mppCredential.challenge?.request?.methodDetails?.chainId;
+    if (!chainId && mppCredential.source) {
+      const chainMatch = mppCredential.source.match(/eip155:(\d+)/);
+      if (chainMatch) chainId = parseInt(chainMatch[1], 10);
+    }
+    chainId = chainId || 42431;
+    const network = `eip155:${chainId}`;
+    if (!this.isNetworkAccepted(network)) {
+      return this.sendJson(res, 402, {
+        error: `Network not accepted: ${network}`
+      });
+    }
+    const requirements = this.buildPaymentRequirements(
+      config,
+      network,
+      this.getWalletForNetwork(network),
+      "USDC"
+    );
+    const paymentPayload = {
+      x402Version: X402_VERSION2,
+      scheme: "exact",
+      network,
+      payload: {
+        txHash,
+        chainId
+      }
+    };
+    console.log(`[MoltsPay] Verifying MPP payment: txHash=${txHash}, chainId=${chainId}`);
+    const verification = await this.registry.verify(paymentPayload, requirements);
+    if (!verification.valid) {
+      return this.sendJson(res, 402, {
+        error: `Payment verification failed: ${verification.error}`
+      });
+    }
+    console.log(`[MoltsPay] Payment verified! Executing service: ${config.id}`);
+    let result;
+    try {
+      result = await skill.handler(params);
+    } catch (err) {
+      console.error(`[MoltsPay] Skill execution error:`, err);
+      return this.sendJson(res, 500, {
+        error: `Service execution failed: ${err.message}`
+      });
+    }
+    const receipt = {
+      success: true,
+      txHash,
+      network,
+      facilitator: verification.facilitator
+    };
+    const receiptEncoded = Buffer.from(JSON.stringify(receipt)).toString("base64");
+    res.writeHead(200, {
+      "Content-Type": "application/json",
+      [MPP_RECEIPT_HEADER]: receiptEncoded
+    });
+    res.end(JSON.stringify({
+      success: true,
+      result,
+      payment: {
+        txHash,
+        status: "verified",
+        facilitator: verification.facilitator
+      }
+    }, null, 2));
+  }
+  /**
+   * Return 402 with both x402 and MPP payment requirements
+   */
+  sendMPPPaymentRequired(config, res) {
+    const acceptedTokens = getAcceptedCurrencies(config);
+    const providerChains = this.getProviderChains();
+    const accepts = [];
+    for (const chainConfig of providerChains) {
+      for (const token of acceptedTokens) {
+        if (chainConfig.tokens.includes(token)) {
+          accepts.push(this.buildPaymentRequirements(config, chainConfig.network, chainConfig.wallet, token));
+        }
+      }
+    }
+    const x402PaymentRequired = {
+      x402Version: X402_VERSION2,
+      accepts,
+      acceptedCurrencies: acceptedTokens,
+      resource: {
+        url: `/${config.id}`,
+        description: `${config.name} - $${config.price} ${config.currency}`
+      }
+    };
+    const x402Encoded = Buffer.from(JSON.stringify(x402PaymentRequired)).toString("base64");
+    const tempoChain = providerChains.find((c) => c.network === "eip155:42431");
+    let mppWwwAuth = "";
+    if (tempoChain) {
+      const challengeId = this.generateChallengeId();
+      const amountInUnits = Math.floor(config.price * 1e6).toString();
+      const tokenAddress = TOKEN_ADDRESSES["eip155:42431"]?.USDC || "0x20c0000000000000000000000000000000000000";
+      const mppRequest = {
+        amount: amountInUnits,
+        currency: tokenAddress,
+        methodDetails: {
+          chainId: 42431,
+          feePayer: true
+        },
+        recipient: tempoChain.wallet
+      };
+      const mppRequestEncoded = Buffer.from(JSON.stringify(mppRequest)).toString("base64");
+      const expiresAt = new Date(Date.now() + 5 * 60 * 1e3).toISOString();
+      mppWwwAuth = `Payment id="${challengeId}", realm="${this.manifest.provider.name}", method="tempo", intent="charge", request="${mppRequestEncoded}", description="${config.name}", expires="${expiresAt}"`;
+    }
+    const headers = {
+      "Content-Type": "application/problem+json",
+      [PAYMENT_REQUIRED_HEADER]: x402Encoded
+    };
+    if (mppWwwAuth) {
+      headers[MPP_WWW_AUTH_HEADER] = mppWwwAuth;
+    }
+    res.writeHead(402, headers);
+    res.end(JSON.stringify({
+      type: "https://paymentauth.org/problems/payment-required",
+      title: "Payment Required",
+      status: 402,
+      detail: `Payment is required (${config.name}).`,
+      service: config.id,
+      price: config.price,
+      currency: config.currency,
+      acceptedCurrencies: acceptedTokens
+    }, null, 2));
+  }
+  /**
+   * Generate a unique challenge ID for MPP
+   */
+  generateChallengeId() {
+    const bytes = new Uint8Array(24);
+    for (let i = 0; i < bytes.length; i++) {
+      bytes[i] = Math.floor(Math.random() * 256);
+    }
+    return Buffer.from(bytes).toString("base64url");
+  }
   /**
    * Return 402 with x402 payment requirements (v2 format)
    * Includes requirements for all chains and all accepted currencies