payment-kit 1.20.16 → 1.20.18

package/.env

@@ -1 +1,2 @@
 COMPONENT_STORE_URL="https://test.store.blocklet.dev"
+LOG_LEVEL=debug

package/api/src/index.ts

@@ -37,6 +37,7 @@ import { startUploadBillingInfoListener } from './queues/space';
 import { startSubscriptionQueue } from './queues/subscription';
 import { startVendorCommissionQueue } from './queues/vendors/commission';
 import { startVendorFulfillmentQueue } from './queues/vendors/fulfillment';
+import { startCoordinatedFulfillmentQueue } from './queues/vendors/fulfillment-coordinator';
 import routes from './routes';
 import autoRechargeAuthorizationHandlers from './routes/connect/auto-recharge-auth';
 import changePaymentHandlers from './routes/connect/change-payment';
@@ -131,6 +132,7 @@ export const server = app.listen(port, (err?: any) => {
   startPayoutQueue().then(() => logger.info('payout queue started'));
   startVendorCommissionQueue().then(() => logger.info('vendor commission queue started'));
   startVendorFulfillmentQueue().then(() => logger.info('vendor fulfillment queue started'));
+  startCoordinatedFulfillmentQueue().then(() => logger.info('coordinated fulfillment queue started'));
   startCheckoutSessionQueue().then(() => logger.info('checkoutSession queue started'));
   startNotificationQueue().then(() => logger.info('notification queue started'));
   startRefundQueue().then(() => logger.info('refund queue started'));

package/api/src/libs/vendor-util/adapters/didnames-adapter.ts

@@ -0,0 +1,412 @@
+import { VendorAuth } from '@blocklet/payment-vendor';
+import { toBase58 } from '@ocap/util';
+import stableStringify from 'json-stable-stringify';
+import { v4 as uuidV4 } from 'uuid';
+
+import { ProductVendor } from '../../../store/models';
+import { wallet } from '../../auth';
+import logger from '../../logger';
+import {
+  CheckOrderStatusParams,
+  CheckOrderStatusResult,
+  FulfillOrderParams,
+  FulfillOrderResult,
+  ReturnRequestParams,
+  ReturnRequestResult,
+  VendorAdapter,
+  VendorConfig,
+} from './types';
+import { formatVendorUrl } from './util';
+
+export class DidnamesAdapter implements VendorAdapter {
+  private vendorConfig: VendorConfig | null = null;
+  private vendorKey: string;
+
+  constructor(vendorInfo: VendorConfig | string) {
+    if (typeof vendorInfo === 'string') {
+      this.vendorKey = vendorInfo;
+      this.vendorConfig = null;
+    } else {
+      this.vendorKey = vendorInfo.id;
+      this.vendorConfig = vendorInfo;
+    }
+  }
+
+  /**
+   * Generate random subdomain for documentation site
+   * Format: [prefix][separator][timestamp-suffix] or pure timestamp
+   * Configurable length, prefix, separator with timestamp-based uniqueness
+   */
+  private generateRandomSubdomain(
+    options: {
+      totalLength?: number; // Total subdomain length (default: 9)
+      prefix?: string; // Prefix (default: 'doc')
+      usePrefix?: boolean; // Whether to use prefix (default: true)
+      separator?: string; // Separator between prefix and suffix (default: '-')
+    } = {}
+  ): string {
+    const { totalLength = 8, prefix = 'doc', usePrefix = true, separator = '-' } = options;
+
+    if (usePrefix) {
+      // With prefix: 'doc' + separator + timestamp suffix
+      const prefixWithSeparatorLength = prefix.length + separator.length;
+      const suffixLength = totalLength - prefixWithSeparatorLength;
+      if (suffixLength <= 0) {
+        throw new Error(
+          `Total length (${totalLength}) must be greater than prefix + separator length (${prefixWithSeparatorLength})`
+        );
+      }
+
+      const timestamp = Date.now();
+      const timeStr = timestamp.toString(36);
+      let suffix = timeStr.slice(-suffixLength);
+
+      // Pad with random chars if timestamp is shorter than needed
+      while (suffix.length < suffixLength) {
+        suffix = Math.floor(Math.random() * 36).toString(36) + suffix;
+      }
+
+      return `${prefix}${separator}${suffix}`;
+    }
+
+    // Pure timestamp-based without prefix
+    const timestamp = Date.now();
+    const timeStr = timestamp.toString(36);
+    let result = timeStr.slice(-totalLength);
+
+    // Pad with random chars if needed
+    while (result.length < totalLength) {
+      result = Math.floor(Math.random() * 36).toString(36) + result;
+    }
+
+    return result;
+  }
+
+  /**
+   * Generate bindDomainCap (binding capability) for domain authorization
+   */
+  private generateBindCap({ domain, checkoutSessionId }: { domain: string; checkoutSessionId: string }): any {
+    const now = Math.floor(Date.now() / 1000);
+    const expireInMinutes = 30;
+
+    const cap = {
+      domain,
+      checkoutSessionId,
+      nbf: now, // not before
+      exp: now + expireInMinutes * 60,
+      nonce: uuidV4(),
+    };
+
+    const signature = toBase58(wallet.sign(stableStringify(cap) || ''));
+
+    return {
+      cap,
+      sig: signature,
+    };
+  }
+
+  async getVendorConfig(): Promise<VendorConfig> {
+    if (this.vendorConfig === null) {
+      this.vendorConfig = await ProductVendor.findOne({ where: { vendor_key: this.vendorKey } });
+      if (!this.vendorConfig) {
+        throw new Error(`Vendor not found: ${this.vendorKey}`);
+      }
+    }
+    return this.vendorConfig;
+  }
+
+  async fulfillOrder(params: FulfillOrderParams): Promise<FulfillOrderResult> {
+    logger.info('Creating didnames order with domain binding', {
+      checkoutSessionId: params.checkoutSessionId,
+      productCode: params.productCode,
+      customerId: params.customerId,
+    });
+
+    const vendorConfig = await this.getVendorConfig();
+
+    try {
+      const rootDomain = vendorConfig.metadata?.rootDomain;
+      if (!rootDomain) {
+        throw new Error('missing required metadata in didnames vendor: rootDomain');
+      }
+
+      logger.info('didnames vendor rootDomain', { rootDomain });
+
+      const subdomain = this.generateRandomSubdomain({ totalLength: 8 });
+      const domain = `${subdomain}.${rootDomain}`;
+
+      const { checkoutSessionId } = params;
+      const bindDomainCap = this.generateBindCap({
+        domain,
+        checkoutSessionId,
+      });
+
+      params.deliveryParams.customParams = {
+        ...params.deliveryParams.customParams,
+        years: 1,
+        whoisPrivacy: true,
+        subdomain,
+        rootDomain,
+        domain,
+        checkoutSessionId,
+        bindDomainCap,
+      };
+
+      const orderData = {
+        checkoutSessionId: params.checkoutSessionId,
+        description: params.description,
+        userInfo: params.userInfo,
+        deliveryParams: params.deliveryParams,
+      };
+
+      const url = formatVendorUrl(vendorConfig, '/api/vendor/deliveries');
+      logger.info('submitting domain delivery to DID Names', {
+        subdomain,
+        url,
+      });
+
+      const { headers, body } = VendorAuth.signRequestWithHeaders(orderData);
+
+      const response = await fetch(url, {
+        method: 'POST',
+        headers,
+        body,
+      });
+
+      if (!response.ok) {
+        const errorBody = await response.text();
+        logger.error('DID Names API error', {
+          url,
+          status: response.status,
+          statusText: response.statusText,
+          body: errorBody,
+        });
+        throw new Error(`DID Names API error: ${response.status} ${response.statusText}`);
+      }
+
+      const didNamesResult = await response.json();
+
+      const result: FulfillOrderResult = {
+        orderId: didNamesResult.orderId,
+        status: didNamesResult.status || 'pending',
+        serviceUrl: `https://${subdomain}.${rootDomain}`, // User expects to access via custom domain
+        estimatedTime: didNamesResult.estimatedTime || 300,
+        message: didNamesResult.message || 'Domain binding order created successfully',
+        vendorOrderId: didNamesResult.orderId,
+        progress: didNamesResult.progress || 0,
+        orderDetails: {
+          productCode: params.productCode,
+          customerId: params.customerId,
+          amount: params.amount,
+          currency: params.currency,
+          quantity: params.quantity,
+          invoiceId: params.invoiceId,
+          customParams: {
+            ...params.customParams,
+            subdomain,
+            rootDomain,
+            domain: didNamesResult.domain || domain,
+            nftDid: didNamesResult.nftDid,
+            sessionId: params.customParams?.checkoutSessionId,
+            bindDomainCap,
+          },
+        },
+        installationInfo: {
+          appId: didNamesResult.appId || `app_${subdomain.replace(/\./g, '_')}`,
+          appUrl: `https://${subdomain}.${rootDomain}`, // Custom domain URL
+          adminUrl: didNamesResult.adminUrl || `https://${subdomain}.${rootDomain}/admin`,
+          status: didNamesResult.installationStatus || didNamesResult.status || 'installing',
+          estimatedCompletionTime:
+            didNamesResult.estimatedCompletionTime || new Date(Date.now() + 300000).toISOString(),
+        },
+      };
+
+      logger.info('Didnames order created successfully', {
+        orderId: result.orderId,
+        status: result.status,
+        subdomain,
+        serviceUrl: result.serviceUrl,
+      });
+
+      return result;
+    } catch (error: any) {
+      logger.error('Failed to create didnames order', {
+        error,
+        productCode: params.productCode,
+        customerId: params.customerId,
+      });
+
+      throw error;
+    }
+  }
+
+  async requestReturn(params: ReturnRequestParams): Promise<ReturnRequestResult> {
+    logger.info('Requesting return for Didnames order', {
+      orderId: params.orderId,
+      reason: params.reason,
+    });
+
+    const vendorConfig = await this.getVendorConfig();
+
+    try {
+      const returnRequest = {
+        orderId: params.orderId,
+        vendorOrderId: params.vendorOrderId,
+        reason: params.reason,
+        customParams: params.customParams,
+      };
+
+      const { headers, body } = VendorAuth.signRequestWithHeaders(returnRequest);
+      const url = formatVendorUrl(vendorConfig, '/api/vendor/return');
+      logger.info('submitting domain return to DID Names', {
+        url,
+      });
+      const response = await fetch(url, {
+        method: 'POST',
+        headers,
+        body,
+      });
+
+      if (!response.ok) {
+        const errorBody = await response.text();
+        logger.error('domain return to DID Names API error', {
+          url,
+          status: response.status,
+          statusText: response.statusText,
+          body: errorBody,
+        });
+        throw new Error(`DID Names API error: ${response.status} ${response.statusText}`);
+      }
+
+      const didNamesResult = await response.json();
+
+      logger.info('domain return to DID Names processed', {
+        url,
+        orderId: params.orderId,
+        status: didNamesResult.status,
+      });
+
+      return {
+        status: didNamesResult.status || 'requested',
+        message: didNamesResult.message || 'Domain unbinding requested',
+      };
+    } catch (error: any) {
+      logger.error('Failed to process return request', {
+        error: error.message,
+        orderId: params.orderId,
+      });
+
+      throw error;
+    }
+  }
+
+  async checkOrderStatus(params: CheckOrderStatusParams): Promise<CheckOrderStatusResult> {
+    logger.info('Checking Didnames order status', {
+      orderId: params.orderId,
+    });
+
+    try {
+      const vendorConfig = await this.getVendorConfig();
+      const url = formatVendorUrl(vendorConfig, `/api/vendor/orders/${params.orderId}/status`);
+
+      const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+      });
+
+      if (!response.ok) {
+        logger.warn('DID Names order status check failed', {
+          orderId: params.orderId,
+          status: response.status,
+        });
+        return { status: 'processing' };
+      }
+
+      const orderStatus = await response.json();
+      let status: 'processing' | 'completed' | 'failed' = 'processing';
+
+      switch (orderStatus.status) {
+        case 'completed':
+        case 'active':
+        case 'failed':
+        case 'rejected':
+        case 'error':
+          status = 'failed';
+          break;
+        default:
+          status = 'processing';
+      }
+
+      logger.info('Didnames order status checked', {
+        orderId: params.orderId,
+        status,
+        didNamesStatus: orderStatus.status,
+        domain: params.domain,
+      });
+
+      return { status };
+    } catch (error: any) {
+      logger.error('Failed to check didnames order status', {
+        error: error.message,
+        orderId: params.orderId,
+      });
+
+      throw error;
+    }
+  }
+
+  async getOrder(vendor: ProductVendor, orderId: string): Promise<any> {
+    const url = formatVendorUrl(vendor, `/api/vendor/orders/${orderId}`);
+
+    const { headers } = VendorAuth.signRequestWithHeaders({});
+    const response = await fetch(url, { method: 'GET', headers });
+
+    if (!response.ok) {
+      logger.error('Failed to get didnames order', {
+        url,
+        orderId,
+        status: response.status,
+        statusText: response.statusText,
+      });
+      throw new Error(`Failed to get order: ${response.status} ${response.statusText}`);
+    }
+
+    const data = await response.json();
+    return data;
+  }
+
+  async getOrderStatus(vendor: ProductVendor, orderId: string): Promise<any> {
+    const url = formatVendorUrl(vendor, `/api/vendor/status/${orderId}`);
+
+    logger.info('getting didnames order status', {
+      url,
+      orderId,
+    });
+
+    const { headers } = VendorAuth.signRequestWithHeaders({});
+    const response = await fetch(url, { method: 'GET', headers });
+
+    logger.info('didnames order status response', {
+      url,
+      orderId,
+      status: response.status,
+      statusText: response.statusText,
+    });
+
+    if (!response.ok) {
+      logger.error('Failed to get didnames order status', {
+        url,
+        orderId,
+        status: response.status,
+        statusText: response.statusText,
+      });
+      throw new Error(`Failed to get order status: ${response.status} ${response.statusText}`);
+    }
+
+    const data = await response.json();
+
+    return data;
+  }
+}

package/api/src/libs/vendor-util/adapters/factory.ts

@@ -1,4 +1,6 @@
 import { BN } from '@ocap/util';
+
+import { DidnamesAdapter } from './didnames-adapter';
 import { LauncherAdapter } from './launcher-adapter';
 import { VendorAdapter } from './types';
 import { ProductVendor } from '../../../store/models';
@@ -26,16 +28,39 @@ export class VendorAdapterFactory {
     if (!vendorConfig) {
       throw new Error(`Vendor not found: ${vendorKey}`);
     }
+
     switch (vendorConfig.vendor_type) {
       case 'launcher':
         return new LauncherAdapter(vendorConfig);
+      case 'didnames':
+        return new DidnamesAdapter(vendorConfig);
       default:
         throw new Error(`Unsupported vendor: ${vendorConfig.vendor_type}`);
     }
   }
 
+  /**
+   * Create coordinated adapters for domain binding workflow
+   * @param vendorKeys Array of vendor keys in execution order
+   */
+  static async createCoordinated(vendorKeys: string[]): Promise<{
+    didnamesAdapter?: DidnamesAdapter;
+    launcherAdapter?: LauncherAdapter;
+  }> {
+    const adapters: { [key: string]: VendorAdapter } = {};
+
+    for (const vendorKey of vendorKeys) {
+      adapters[vendorKey] = await this.create(vendorKey); // eslint-disable-line no-await-in-loop
+    }
+
+    return {
+      didnamesAdapter: adapters.didnames as DidnamesAdapter,
+      launcherAdapter: adapters.launcher as LauncherAdapter,
+    };
+  }
+
   static getSupportedVendors(): string[] {
-    return ['launcher'];
+    return ['launcher', 'didnames'];
   }
 
   static isSupported(vendorKey: string): boolean {

package/api/src/libs/vendor-util/adapters/launcher-adapter.ts

@@ -1,8 +1,9 @@
 import { Auth as VendorAuth } from '@blocklet/payment-vendor';
 
-import { joinURL } from 'ufo';
 import { ProductVendor } from '../../../store/models';
+import dayjs from '../../dayjs';
 import logger from '../../logger';
+import { formatToShortUrl } from '../../url';
 import { api } from '../../util';
 import {
   CheckOrderStatusParams,
@@ -14,6 +15,51 @@ import {
   VendorAdapter,
   VendorConfig,
 } from './types';
+import { formatVendorUrl } from './util';
+
+const doRequestVendorData = (vendor: ProductVendor, orderId: string, url: string) => {
+  const { headers } = VendorAuth.signRequestWithHeaders({});
+  const name = vendor?.name;
+  const key = vendor?.vendor_key;
+
+  return fetch(url, { headers })
+    .then(async (r) => {
+      const data = await r.json();
+      if (r.status !== 200) {
+        logger.error('vendor status fetch failed', {
+          vendorId: vendor.id,
+          vendorKey: vendor.vendor_key,
+          orderId,
+          status: r.status,
+          url,
+          data,
+        });
+        throw new Error(
+          `vendor status fetch failed, vendor: ${vendor.vendor_key}, orderId: ${orderId}, status: ${r.status}, url: ${url}`
+        );
+      }
+      if (!data.dashboardUrl) {
+        return {
+          ...data,
+          name,
+          key,
+        };
+      }
+
+      const validUntil = dayjs().add(20, 'minutes').format('YYYY-MM-DDTHH:mm:ss+00:00');
+      const maxVisits = 5;
+      const homeUrl = await formatToShortUrl({ url: data.homeUrl, maxVisits, validUntil });
+      const dashboardUrl = await formatToShortUrl({ url: data.dashboardUrl, maxVisits, validUntil });
+      return {
+        ...data,
+        name,
+        key,
+        homeUrl,
+        dashboardUrl,
+      };
+    })
+    .catch((e) => ({ error: e.message }));
+};
 
 export class LauncherAdapter implements VendorAdapter {
   private vendorConfig: VendorConfig | null = null;
@@ -40,12 +86,12 @@ export class LauncherAdapter implements VendorAdapter {
       productCode: params.productCode,
       customerId: params.customerId,
       description: params.description,
+      bindCapInfo: params.deliveryParams?.customParams?.bindDomainCap ? 'present' : 'not present',
     });
 
     const vendorConfig = await this.getVendorConfig();
 
     try {
-      const launcherApiUrl = vendorConfig.app_url;
       const orderData = {
         checkoutSessionId: params.checkoutSessionId,
         description: params.description,
@@ -53,19 +99,42 @@ export class LauncherAdapter implements VendorAdapter {
         deliveryParams: params.deliveryParams,
       };
 
+      // Extract bindDomainCap related params if present
+      const customParams = params.deliveryParams?.customParams || {};
+      const { domain, sessionId, bindDomainCap, domainNftDid } = customParams;
+
+      if (bindDomainCap && domain && sessionId) {
+        logger.info('passing domain binding authorization to Blocklet Server', {
+          domain,
+          sessionId: `${sessionId.substring(0, 8)}...`, // Log partial sessionId for security
+          hasBindCap: true,
+        });
+
+        // Ensure bindDomainCap data is passed through to Blocklet Server
+        orderData.deliveryParams = {
+          ...orderData.deliveryParams,
+          customParams: {
+            ...orderData.deliveryParams.customParams,
+            domain,
+            sessionId,
+            bindDomainCap,
+            domainNftDid,
+          },
+        };
+      }
+
       const { headers, body } = VendorAuth.signRequestWithHeaders(orderData);
-      const response = await fetch(
-        joinURL(launcherApiUrl, vendorConfig.metadata?.mountPoint || '', '/api/vendor/deliveries'),
-        {
-          method: 'POST',
-          headers,
-          body,
-        }
-      );
+      const url = formatVendorUrl(vendorConfig, '/api/vendor/deliveries');
+      const response = await fetch(url, {
+        method: 'POST',
+        headers,
+        body,
+      });
 
       if (!response.ok) {
         const errorBody = await response.text();
-        logger.error('Launcher API error', {
+        logger.error('call launcher API error', {
+          url,
           status: response.status,
           statusText: response.statusText,
           body: errorBody,
@@ -90,7 +159,18 @@ export class LauncherAdapter implements VendorAdapter {
           currency: params.currency,
           quantity: params.quantity,
           invoiceId: params.invoiceId,
-          customParams: params.customParams,
+          customParams: {
+            ...params.customParams,
+            // Include domain binding info if available
+            ...(customParams.bindDomainCap
+              ? {
+                  domain: customParams.domain,
+                  sessionId: customParams.sessionId,
+                  bindDomainCap: customParams.bindDomainCap,
+                  domainNftDid: customParams.domainNftDid,
+                }
+              : {}),
+          },
         },
         installationInfo: {
           appId: launcherResult.appId,
@@ -110,7 +190,7 @@ export class LauncherAdapter implements VendorAdapter {
       return result;
     } catch (error: any) {
       logger.error('Failed to create launcher order', {
-        error: error.message,
+        error,
         productCode: params.productCode,
         customerId: params.customerId,
       });
@@ -126,17 +206,13 @@ export class LauncherAdapter implements VendorAdapter {
     });
 
     const vendorConfig = await this.getVendorConfig();
-    const launcherApiUrl = vendorConfig.app_url;
     const { headers, body } = VendorAuth.signRequestWithHeaders(params);
 
-    const response = await fetch(
-      joinURL(launcherApiUrl, vendorConfig.metadata?.mountPoint || '', '/api/vendor/return'),
-      {
-        method: 'POST',
-        headers,
-        body,
-      }
-    );
+    const response = await fetch(formatVendorUrl(vendorConfig, '/api/vendor/return'), {
+      method: 'POST',
+      headers,
+      body,
+    });
 
     if (!response.ok) {
       const errorBody = await response.text();
@@ -178,4 +254,16 @@ export class LauncherAdapter implements VendorAdapter {
       throw error;
     }
   }
+
+  getOrderStatus(vendor: ProductVendor, orderId: string): Promise<any> {
+    const url = formatVendorUrl(vendor, `/api/vendor/status/${orderId}`);
+
+    return doRequestVendorData(vendor, orderId, url);
+  }
+
+  getOrder(vendor: ProductVendor, orderId: string): Promise<any> {
+    const url = formatVendorUrl(vendor, `/api/vendor/orders/${orderId}`);
+
+    return doRequestVendorData(vendor, orderId, url);
+  }
 }

package/api/src/libs/vendor-util/adapters/types.ts

@@ -1,3 +1,5 @@
+import type { ProductVendor } from '../../../store/models';
+
 export interface VendorConfig {
   id: string;
   vendor_key: string;
@@ -85,4 +87,6 @@ export interface VendorAdapter {
   fulfillOrder(params: FulfillOrderParams): Promise<FulfillOrderResult>;
   requestReturn(params: ReturnRequestParams): Promise<ReturnRequestResult>;
   checkOrderStatus(params: CheckOrderStatusParams): Promise<CheckOrderStatusResult>;
+  getOrder(vendor: ProductVendor, orderId: string): Promise<any>;
+  getOrderStatus(vendor: ProductVendor, orderId: string): Promise<any>;
 }

package/api/src/libs/vendor-util/adapters/util.ts

@@ -0,0 +1,7 @@
+import { joinURL } from 'ufo';
+
+import type { VendorConfig } from './types';
+
+export const formatVendorUrl = (vendorConfig: VendorConfig, p: string) => {
+  return joinURL(vendorConfig.app_url, vendorConfig.metadata?.mountPoint || '', p);
+};

package/api/src/libs/vendor-util/fulfillment.ts

@@ -47,7 +47,8 @@ export class VendorFulfillmentService {
       currency_id: string;
       customer_did: string;
     },
-    vendorConfig: any
+    vendorConfig: any,
+    sharedContext?: any // Pass bindDomainCap and other shared data between vendors
   ): Promise<VendorFulfillmentResult> {
     try {
       const vendor = await ProductVendor.findByPk(vendorConfig.vendor_id);
@@ -87,7 +88,11 @@ export class VendorFulfillmentService {
         },
         deliveryParams: {
           blockletMetaUrl: vendor.metadata?.blockletMetaUrl,
-          customParams: vendorConfig.custom_params,
+          customParams: {
+            ...vendorConfig.custom_params,
+            // Merge shared context (bindDomainCap from didnames-adapter)
+            ...(sharedContext || {}),
+          },
         },
       });
 

package/api/src/queues/vendors/fulfillment-coordinator.ts

@@ -24,11 +24,172 @@ interface CoordinatorJob {
 
 const MAX_FULFILLMENT_TIMEOUT = 300000;
 
+// Helper function to get order info for coordinated fulfillment
+async function getCoordinatedOrderInfo(checkoutSessionId: string) {
+  const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+
+  if (!checkoutSession) {
+    throw new Error('CheckoutSession or Invoice not found');
+  }
+
+  return {
+    checkoutSessionId,
+    amount_total: checkoutSession.amount_total,
+    customer_id: checkoutSession.customer_id || '',
+    invoiceId: checkoutSession.invoice_id || '',
+    currency_id: checkoutSession.currency_id,
+    customer_did: checkoutSession.customer_did || '',
+  };
+}
+
+async function handleCoordinatedFulfillment(job: any): Promise<void> {
+  const { checkoutSessionId, invoiceId, didnamesVendorConfig, launcherVendorConfig, context } = job;
+
+  try {
+    logger.info('Starting coordinated fulfillment', {
+      checkoutSessionId,
+      didnamesVendorId: didnamesVendorConfig.vendor_id,
+      launcherVendorId: launcherVendorConfig.vendor_id,
+    });
+
+    const orderInfo = await getCoordinatedOrderInfo(checkoutSessionId);
+    if (!orderInfo) {
+      throw new Error('Order info not found');
+    }
+
+    // Step 1: Execute didnames fulfillment to generate bindDomainCap
+    logger.info('Step 1: Executing didnames fulfillment', { checkoutSessionId });
+    const didnamesResult = await VendorFulfillmentService.fulfillSingleVendorOrder(
+      orderInfo,
+      didnamesVendorConfig,
+      context
+    );
+
+    if (didnamesResult.status === 'failed') {
+      throw new Error(`Didnames fulfillment failed: ${didnamesResult.errorMessage}`);
+    }
+
+    // Extract bindDomainCap from didnames result
+    const bindCapData = didnamesResult.orderDetails?.customParams || {};
+    const { domain, sessionId, bindDomainCap, nftDid } = bindCapData;
+
+    if (!bindDomainCap || !domain || !sessionId) {
+      logger.warn('Missing bindDomainCap data from didnames adapter', {
+        checkoutSessionId,
+        hasBindCap: !!bindDomainCap,
+        hasDomain: !!domain,
+        hasSessionId: !!sessionId,
+      });
+    }
+
+    // Update didnames vendor status
+    await updateVendorFulfillmentStatus(
+      checkoutSessionId,
+      invoiceId,
+      didnamesVendorConfig.vendor_id,
+      didnamesResult.status === 'completed' ? 'completed' : 'sent',
+      {
+        orderId: didnamesResult.orderId,
+        commissionAmount: didnamesResult.commissionAmount,
+        serviceUrl: didnamesResult.serviceUrl,
+      }
+    );
+
+    // Step 2: Execute launcher fulfillment with bindDomainCap
+    logger.info('Step 2: Executing launcher fulfillment with bindDomainCap', {
+      checkoutSessionId,
+      hasBindCapData: !!bindDomainCap,
+    });
+
+    const launcherResult = await VendorFulfillmentService.fulfillSingleVendorOrder(orderInfo, launcherVendorConfig, {
+      ...context,
+      domain,
+      sessionId,
+      bindDomainCap,
+      domainNftDid: nftDid,
+    });
+
+    // Update launcher vendor status
+    await updateVendorFulfillmentStatus(
+      checkoutSessionId,
+      invoiceId,
+      launcherVendorConfig.vendor_id,
+      launcherResult.status === 'completed' ? 'completed' : 'sent',
+      {
+        orderId: launcherResult.orderId,
+        commissionAmount: launcherResult.commissionAmount,
+        serviceUrl: launcherResult.serviceUrl,
+      }
+    );
+
+    logger.info('Coordinated fulfillment completed successfully', {
+      checkoutSessionId,
+      didnamesStatus: didnamesResult.status,
+      launcherStatus: launcherResult.status,
+    });
+
+    // Check if all vendors are completed to trigger commission
+    await triggerCommissionProcess(checkoutSessionId, invoiceId);
+  } catch (error: any) {
+    logger.error('Coordinated fulfillment failed', {
+      checkoutSessionId,
+      error: error.message,
+    });
+
+    // Mark both vendors as failed
+    await updateVendorFulfillmentStatus(checkoutSessionId, invoiceId, didnamesVendorConfig.vendor_id, 'failed', {
+      lastError: error.message,
+    });
+
+    await updateVendorFulfillmentStatus(checkoutSessionId, invoiceId, launcherVendorConfig.vendor_id, 'failed', {
+      lastError: error.message,
+    });
+
+    throw error;
+  }
+}
+
 export const fulfillmentCoordinatorQueue = createQueue({
   name: 'fulfillment-coordinator',
   onJob: handleFulfillmentCoordination,
 });
 
+export const coordinatedFulfillmentQueue = createQueue({
+  name: 'coordinated-fulfillment',
+  onJob: handleCoordinatedFulfillment,
+  options: {
+    concurrency: 1,
+    maxRetries: 3,
+    enableScheduledJob: true,
+  },
+});
+
+export const startCoordinatedFulfillmentQueue = () => {
+  logger.debug('startCoordinatedFulfillmentQueue');
+  return Promise.resolve();
+};
+
+// Add event listener for coordinated fulfillment
+events.on('vendor.fulfillment.coordinated', async (id, job) => {
+  try {
+    const exist = await coordinatedFulfillmentQueue.get(id);
+    if (!exist) {
+      logger.info('Adding coordinated fulfillment job to queue', { id, checkoutSessionId: job.checkoutSessionId });
+      coordinatedFulfillmentQueue.push({
+        id,
+        job,
+      });
+    } else {
+      logger.info('Coordinated fulfillment job already exists, skipping', { id });
+    }
+  } catch (error: any) {
+    logger.error('Failed to handle coordinated fulfillment queue event', {
+      id,
+      error: error.message,
+    });
+  }
+});
+
 export async function startVendorFulfillment(checkoutSessionId: string, invoiceId: string): Promise<void> {
   try {
     logger.info('Starting vendor fulfillment process', {
@@ -60,17 +221,42 @@ export async function startVendorFulfillment(checkoutSessionId: string, invoiceI
 
     await updateVendorInfo(checkoutSessionId, initialVendorInfo);
 
-    // Trigger a separate vendor-fulfillment queue for each vendor
-    for (const vendorConfig of vendorConfigs) {
-      const vendorFulfillmentJobId = `vendor-fulfillment-${checkoutSessionId}-${vendorConfig.vendor_id}`;
+    // Check if we need coordinated fulfillment (didnames + launcher)
+    const didnamesVendor = vendorConfigs.find((v) => v.vendor_type === 'didnames');
+    const launcherVendor = vendorConfigs.find((v) => v.vendor_type === 'launcher');
+
+    if (didnamesVendor && launcherVendor) {
+      // Coordinated fulfillment: didnames first, then launcher with bindDomainCap
+      logger.info('Starting coordinated domain binding fulfillment', {
+        checkoutSessionId,
+        didnamesVendorId: didnamesVendor.vendor_id,
+        launcherVendorId: launcherVendor.vendor_id,
+      });
 
-      events.emit('vendor.fulfillment.queued', vendorFulfillmentJobId, {
+      const coordinatedJobId = `coordinated-fulfillment-${checkoutSessionId}`;
+      events.emit('vendor.fulfillment.coordinated', coordinatedJobId, {
         checkoutSessionId,
         invoiceId,
-        vendorId: vendorConfig.vendor_id,
-        vendorConfig,
+        didnamesVendorConfig: didnamesVendor,
+        launcherVendorConfig: launcherVendor,
         retryOnError: true,
       });
+    } else {
+      // Regular parallel fulfillment for other vendors
+      for (const vendorConfig of vendorConfigs) {
+        const vendorFulfillmentJobId = `vendor-fulfillment-${checkoutSessionId}-${vendorConfig.vendor_id}`;
+
+        events.emit('vendor.fulfillment.queued', vendorFulfillmentJobId, {
+          checkoutSessionId,
+          invoiceId,
+          vendorId: vendorConfig.vendor_id,
+          vendorConfig,
+          retryOnError: true,
+          context: {
+            subdomain: `docsmith-${Date.now()}`,
+          },
+        });
+      }
     }
 
     logger.info('Vendor fulfillment process has been triggered', {
@@ -294,7 +480,7 @@ async function updateSingleVendorInfo(
     logger.error('updateVendorInfo - Update failed', {
       checkoutSessionId,
       vendorId,
-      error: error.message,
+      error,
     });
     throw error;
   } finally {

package/api/src/routes/vendor.ts

@@ -1,9 +1,8 @@
 import { getUrl } from '@blocklet/sdk/lib/component';
 import { Router } from 'express';
 import Joi from 'joi';
+import { middleware } from '@blocklet/payment-vendor';
 
-import { Auth as VendorAuth, middleware } from '@blocklet/payment-vendor';
-import { joinURL } from 'ufo';
 import { MetadataSchema } from '../libs/api';
 import { wallet } from '../libs/auth';
 import dayjs from '../libs/dayjs';
@@ -11,14 +10,16 @@ import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { formatToShortUrl } from '../libs/url';
 import { getBlockletJson } from '../libs/util';
+import { VendorFulfillmentService } from '../libs/vendor-util/fulfillment';
 import { CheckoutSession, Invoice, Subscription } from '../store/models';
 import { ProductVendor } from '../store/models/product-vendor';
 
 const authAdmin = authenticate<CheckoutSession>({ component: true, roles: ['owner', 'admin'] });
+const loginAuth = authenticate<CheckoutSession>({ component: true, ensureLogin: true, mine: true });
 
 const createVendorSchema = Joi.object({
   vendor_key: Joi.string().max(50).required(),
-  vendor_type: Joi.string().valid('launcher').default('launcher'),
+  vendor_type: Joi.string().valid('launcher', 'didnames').default('launcher'),
   name: Joi.string().max(255).required(),
   description: Joi.string().max(1000).allow('').optional(),
   app_url: Joi.string().uri().max(512).required(),
@@ -32,7 +33,7 @@ const createVendorSchema = Joi.object({
 }).unknown(false);
 
 const updateVendorSchema = Joi.object({
-  vendor_type: Joi.string().valid('launcher').optional(),
+  vendor_type: Joi.string().valid('launcher', 'didnames').optional(),
   name: Joi.string().max(255).optional(),
   description: Joi.string().max(1000).allow('').optional(),
   app_url: Joi.string().uri().max(512).optional(),
@@ -114,7 +115,7 @@ async function getAllVendors(_req: any, res: any) {
   }
 }
 
-async function getVendorById(req: any, res: any) {
+async function getVendorInfo(req: any, res: any) {
   try {
     const vendor = await ProductVendor.findByPk(req.params.id);
     if (!vendor) {
@@ -294,57 +295,40 @@ async function testVendorConnection(req: any, res: any) {
   }
 }
 
-async function getVendorStatusByVendorId(vendorId: string, orderId: string, isDetail = false) {
+const getVendorById = async (vendorId: string, orderId: string) => {
   if (!vendorId || !orderId) {
-    return {};
+    throw new Error(`vendorId or orderId is required, vendorId: ${vendorId}, orderId: ${orderId}`);
   }
 
   const vendor = await ProductVendor.findByPk(vendorId);
-  const url = vendor?.app_url
-    ? joinURL(
-        vendor.app_url,
-        vendor.metadata?.mountPoint || '',
-        '/api/vendor/',
-        isDetail ? 'orders' : 'status',
-        orderId
-      )
-    : null;
-
-  const { headers } = VendorAuth.signRequestWithHeaders({});
-  const name = vendor?.name;
-  const key = vendor?.vendor_key;
-
-  return url
-    ? fetch(url, { headers })
-        .then(async (r) => {
-          const data = await r.json();
-
-          if (!data.dashboardUrl) {
-            return {
-              ...data,
-              name,
-              key,
-            };
-          }
-          const validUntil = dayjs().add(20, 'minutes').format('YYYY-MM-DDTHH:mm:ss+00:00');
-          const maxVisits = 5;
-
-          const homeUrl = await formatToShortUrl({ url: data.homeUrl, maxVisits, validUntil });
-          const dashboardUrl = await formatToShortUrl({ url: data.dashboardUrl, maxVisits, validUntil });
-
-          return {
-            ...data,
-            name,
-            key,
-            homeUrl,
-            dashboardUrl,
-          };
-        })
-        .catch((e) => ({ error: e.message }))
-    : null;
+  if (!vendor) {
+    throw new Error(`vendor not found, vendorId: ${vendorId}`);
+  }
+
+  const vendorAdapter = await VendorFulfillmentService.getVendorAdapter(vendor.vendor_key);
+
+  const data = await vendorAdapter.getOrder(vendor, orderId);
+
+  return data;
+};
+
+async function getVendorStatusById(vendorId: string, orderId: string) {
+  if (!vendorId || !orderId) {
+    throw new Error(`vendorId or orderId is required, vendorId: ${vendorId}, orderId: ${orderId}`);
+  }
+
+  const vendor = await ProductVendor.findByPk(vendorId);
+
+  if (!vendor) {
+    throw new Error(`vendor not found, vendorId: ${vendorId}`);
+  }
+
+  const vendorAdapter = await VendorFulfillmentService.getVendorAdapter(vendor.vendor_key);
+
+  return vendorAdapter.getOrderStatus(vendor, orderId);
 }
 
-async function getVendorStatus(sessionId: string, isDetail = false) {
+async function doRequestVendor(sessionId: string, func: (vendorId: string, orderId: string) => Promise<any>) {
   const doc = await CheckoutSession.findByPk(sessionId);
 
   if (!doc) {
@@ -376,35 +360,36 @@ async function getVendorStatus(sessionId: string, isDetail = false) {
   }
 
   const vendors = doc.vendor_info.map((item) => {
-    return getVendorStatusByVendorId(item.vendor_id, item.order_id, isDetail).then((status) => {
-      return {
-        error_message: item.error_message,
-        status: item.status,
-        ...status,
-      };
-    });
+    return func(item.vendor_id, item.order_id);
   });
 
-  const subscriptionId = doc.subscription_id;
-  let shortSubscriptionUrl = '';
+  return {
+    payment_status: doc.payment_status,
+    session_status: doc.status,
+    vendors: await Promise.all(vendors),
+    subscriptionId: doc.subscription_id,
+    error: null,
+  };
+}
+
+async function getVendorStatus(sessionId: string) {
+  const result: any = await doRequestVendor(sessionId, getVendorStatusById);
 
-  if (isDetail && subscriptionId) {
-    const subscriptionUrl = getUrl(`/customer/subscription/${subscriptionId}`);
+  if (result.subscriptionId) {
+    const subscriptionUrl = getUrl(`/customer/subscription/${result.subscriptionId}`);
 
-    shortSubscriptionUrl = await formatToShortUrl({
+    result.subscriptionUrl = await formatToShortUrl({
       url: subscriptionUrl,
       maxVisits: 5,
       validUntil: dayjs().add(20, 'minutes').format('YYYY-MM-DDTHH:mm:ss+00:00'),
     });
   }
 
-  return {
-    payment_status: paymentStatus,
-    session_status: doc.status,
-    subscriptionUrl: shortSubscriptionUrl,
-    vendors: await Promise.all(vendors),
-    error: null,
-  };
+  return result;
+}
+
+function getVendor(sessionId: string) {
+  return doRequestVendor(sessionId, getVendorById);
 }
 
 async function getVendorFulfillmentStatus(req: any, res: any) {
@@ -426,7 +411,7 @@ async function getVendorFulfillmentDetail(req: any, res: any) {
   const { sessionId } = req.params;
 
   try {
-    const detail = await getVendorStatus(sessionId, true);
+    const detail = await getVendor(sessionId);
     if (detail.code) {
       return res.status(detail.code).json({ error: detail.error });
     }
@@ -457,7 +442,7 @@ async function redirectToVendor(req: any, res: any) {
       return res.redirect('/404');
     }
 
-    const detail = await getVendorStatusByVendorId(vendorId, order.order_id || '', true);
+    const detail = await getVendorById(vendorId, order.order_id || '');
     if (!detail) {
       logger.warn('Vendor status detail not found', {
         subscriptionId,
@@ -539,8 +524,8 @@ const ensureVendorAuth = middleware.ensureVendorAuth((vendorPk: string) =>
 );
 
 // FIXME: Authentication not yet added, awaiting implementation @Pengfei
-router.get('/order/:sessionId/status', validateParams(sessionIdParamSchema), getVendorFulfillmentStatus);
-router.get('/order/:sessionId/detail', validateParams(sessionIdParamSchema), getVendorFulfillmentDetail);
+router.get('/order/:sessionId/status', loginAuth, validateParams(sessionIdParamSchema), getVendorFulfillmentStatus);
+router.get('/order/:sessionId/detail', loginAuth, validateParams(sessionIdParamSchema), getVendorFulfillmentDetail);
 
 router.get('/subscription/:sessionId/redirect', handleSubscriptionRedirect);
 router.get('/subscription/:sessionId', ensureVendorAuth, getVendorSubscription);
@@ -554,7 +539,7 @@ router.get(
 );
 
 router.get('/', getAllVendors);
-router.get('/:id', authAdmin, validateParams(vendorIdParamSchema), getVendorById);
+router.get('/:id', authAdmin, validateParams(vendorIdParamSchema), getVendorInfo);
 router.post('/', authAdmin, createVendor);
 router.put('/:id', authAdmin, validateParams(vendorIdParamSchema), updateVendor);
 router.delete('/:id', authAdmin, validateParams(vendorIdParamSchema), deleteVendor);

package/blocklet.yml

@@ -14,7 +14,7 @@ repository:
   type: git
   url: git+https://github.com/blocklet/payment-kit.git
 specVersion: 1.2.8
-version: 1.20.16
+version: 1.20.18
 logo: logo.png
 files:
   - dist

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payment-kit",
-  "version": "1.20.16",
+  "version": "1.20.18",
   "scripts": {
     "dev": "blocklet dev --open",
     "lint": "tsc --noEmit && eslint src api/src --ext .mjs,.js,.jsx,.ts,.tsx",
@@ -56,8 +56,9 @@
     "@blocklet/error": "^0.2.5",
     "@blocklet/js-sdk": "^1.16.52-beta-20250912-112002-e3499e9c",
     "@blocklet/logger": "^1.16.52-beta-20250912-112002-e3499e9c",
-    "@blocklet/payment-react": "1.20.16",
-    "@blocklet/payment-vendor": "1.20.16",
+    "@blocklet/payment-broker-client": "1.20.18",
+    "@blocklet/payment-react": "1.20.18",
+    "@blocklet/payment-vendor": "1.20.18",
     "@blocklet/sdk": "^1.16.52-beta-20250912-112002-e3499e9c",
     "@blocklet/ui-react": "^3.1.41",
     "@blocklet/uploader": "^0.2.12",
@@ -120,13 +121,14 @@
     "ufo": "^1.6.1",
     "umzug": "^3.8.2",
     "use-bus": "^2.5.2",
+    "uuid": "^13.0.0",
     "validator": "^13.15.15",
     "web3": "^4.16.0"
   },
   "devDependencies": {
     "@abtnode/types": "^1.16.52-beta-20250912-112002-e3499e9c",
     "@arcblock/eslint-config-ts": "^0.3.3",
-    "@blocklet/payment-types": "1.20.16",
+    "@blocklet/payment-types": "1.20.18",
     "@types/cookie-parser": "^1.4.9",
     "@types/cors": "^2.8.19",
     "@types/debug": "^4.1.12",
@@ -173,5 +175,5 @@
       "parser": "typescript"
     }
   },
-  "gitHead": "ebf0677dd4414d4abc4129d6663a7e9ddb415281"
+  "gitHead": "94e4020fb0d4121ebf0430de2db1fd642676c8ae"
 }

package/src/locales/en.tsx

@@ -1126,6 +1126,7 @@ export default flat({
       nameRequired: 'Vendor name is required',
       vendorType: 'Vendor Type',
       vendorTypeRequired: 'Vendor type is required',
+      didnames: 'DID Names',
       launcher: 'Launcher',
       vendorKey: 'Vendor Key',
       vendorKeyRequired: 'Vendor key is required',

package/src/locales/zh.tsx

@@ -1098,6 +1098,7 @@ export default flat({
       nameRequired: '供应商名称是必填项',
       vendorType: '供应商类型',
       vendorTypeRequired: '供应商类型是必填项',
+      didnames: 'DID Names',
       launcher: '启动器',
       vendorKey: '供应商标识',
       vendorKeyRequired: '供应商标识是必填项',

package/src/pages/admin/products/vendors/create.tsx

@@ -80,13 +80,13 @@ export default function VendorCreate({
       }
     : {
         vendor_key: '',
-        vendor_type: 'launcher',
+        vendor_type: 'didnames',
         name: '',
         description: '',
         app_url: '',
         vendor_did: '',
         status: 'inactive' as const,
-        metadata: [{ key: 'blockletMetaUrl', value: '' }],
+        metadata: [],
         app_pid: '',
         app_logo: '',
       };
@@ -256,6 +256,7 @@ export default function VendorCreate({
                 <InputLabel>{t('admin.vendor.vendorType')}</InputLabel>
                 <Select {...field} label={t('admin.vendor.vendorType')}>
                   <MenuItem value="launcher">{t('admin.vendor.launcher')}</MenuItem>
+                  <MenuItem value="didnames">{t('admin.vendor.didnames')}</MenuItem>
                 </Select>
               </FormControl>
             )}