s402 0.2.0 → 0.2.2

package/dist/index.mjs

@@ -9,8 +9,19 @@ var s402Client = class {
 	/**
 	* Register a scheme implementation for a network.
 	*
-	* @param network - Sui network (e.g., "sui:testnet")
-	* @param scheme - Scheme implementation
+	* @param network - Network identifier (e.g., "sui:testnet", "sui:mainnet")
+	* @param scheme - Scheme implementation (from @sweefi/sui or your own)
+	* @returns `this` for chaining
+	*
+	* @example
+	* ```ts
+	* import { s402Client } from 's402';
+	*
+	* const client = new s402Client();
+	* client
+	*   .register('sui:mainnet', exactScheme)
+	*   .register('sui:mainnet', prepaidScheme);
+	* ```
 	*/
 	register(network, scheme) {
 		if (!this.schemes.has(network)) this.schemes.set(network, /* @__PURE__ */ new Map());
@@ -25,6 +36,23 @@ var s402Client = class {
 	*
 	* Accepts typed s402PaymentRequirements only. For x402 input, normalize
 	* first via `normalizeRequirements()` from 's402/compat'.
+	*
+	* @param requirements - Server's payment requirements (from a 402 response)
+	* @returns Payment payload ready to send in the `x-payment` header
+	* @throws {s402Error} `NETWORK_MISMATCH` if no schemes registered for the network
+	* @throws {s402Error} `SCHEME_NOT_SUPPORTED` if no registered scheme matches server's accepts
+	*
+	* @example
+	* ```ts
+	* import { s402Client, decodePaymentRequired, encodePaymentPayload, S402_HEADERS } from 's402';
+	*
+	* const client = new s402Client();
+	* client.register('sui:mainnet', exactScheme);
+	*
+	* const requirements = decodePaymentRequired(res.headers.get('payment-required')!);
+	* const payload = await client.createPayment(requirements);
+	* fetch(url, { headers: { [S402_HEADERS.PAYMENT]: encodePaymentPayload(payload) } });
+	* ```
 	*/
 	async createPayment(requirements) {
 		const networkSchemes = this.schemes.get(requirements.network);
@@ -67,6 +95,25 @@ var s402ResourceServer = class {
 	* Build payment requirements for a route.
 	* Uses the first scheme in the config's schemes array.
 	* Always includes "exact" in accepts for x402 compat.
+	*
+	* @param config - Per-route payment configuration (schemes, price, network, payTo, asset)
+	* @returns Payment requirements ready to encode for the 402 response
+	* @throws {s402Error} `INVALID_PAYLOAD` if price is not a valid non-negative integer string
+	*
+	* @example
+	* ```ts
+	* import { s402ResourceServer, encodePaymentRequired } from 's402';
+	*
+	* const server = new s402ResourceServer();
+	* const requirements = server.buildRequirements({
+	*   schemes: ['exact'],
+	*   price: '1000000',
+	*   network: 'sui:mainnet',
+	*   payTo: '0xYOUR_ADDRESS',
+	*   asset: '0x2::sui::SUI',
+	* });
+	* res.status(402).setHeader('payment-required', encodePaymentRequired(requirements));
+	* ```
 	*/
 	buildRequirements(config) {
 		if (!isValidAmount(config.price)) throw new s402Error("INVALID_PAYLOAD", `Invalid price "${config.price}": must be a non-negative integer string`);
@@ -118,6 +165,20 @@ var s402ResourceServer = class {
 	* Expiration-guarded verify + settle. This is the recommended path.
 	* Rejects expired requirements, verifies the payload, then settles.
 	* True atomicity comes from Sui PTBs in the scheme implementation.
+	*
+	* @param payload - Client's payment payload (from the `x-payment` header)
+	* @param requirements - The requirements this server originally sent
+	* @returns Settlement result with txDigest on success
+	* @throws {s402Error} `FACILITATOR_UNAVAILABLE` if no facilitator is configured
+	*
+	* @example
+	* ```ts
+	* const result = await server.process(payload, requirements);
+	* if (result.success) {
+	*   // Serve the protected resource
+	*   res.status(200).json({ data: 'paid content' });
+	* }
+	* ```
 	*/
 	async process(payload, requirements) {
 		if (!this.facilitator) throw new s402Error("FACILITATOR_UNAVAILABLE", "No facilitator configured on this server");
@@ -212,12 +273,33 @@ var s402Facilitator = class {
 		}
 	}
 	/**
-	* Expiration-guarded verify + settle in one call.
+	* Expiration-guarded verify + settle in one call. **This is the recommended path.**
 	* Rejects expired requirements, verifies the payload, then settles.
+	* Includes deduplication (prevents concurrent identical requests) and timeouts
+	* (5s verify, 15s settle).
 	*
 	* Note: True atomicity comes from Sui's PTBs in the scheme implementation,
 	* not from this method. This method provides the expiration guard and
-	* sequential verify→settle orchestration.
+	* sequential verify-then-settle orchestration.
+	*
+	* @param payload - Client's payment payload
+	* @param requirements - Server's payment requirements
+	* @returns Settlement result (check `result.success` and `result.errorCode`)
+	*
+	* @example
+	* ```ts
+	* import { s402Facilitator } from 's402';
+	*
+	* const facilitator = new s402Facilitator();
+	* facilitator.register('sui:mainnet', exactFacilitatorScheme);
+	*
+	* const result = await facilitator.process(payload, requirements);
+	* if (result.success) {
+	*   console.log(result.txDigest); // Sui transaction digest
+	* } else {
+	*   console.log(result.errorCode); // e.g. 'VERIFICATION_FAILED'
+	* }
+	* ```
 	*/
 	async process(payload, requirements) {
 		if (requirements.expiresAt != null) {
@@ -264,7 +346,10 @@ var s402Facilitator = class {
 		try {
 			let verifyResult;
 			try {
-				verifyResult = await Promise.race([scheme.verify(payload, requirements), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("Verification timed out after 5s")), 5e3))]);
+				let verifyTimer;
+				verifyResult = await Promise.race([scheme.verify(payload, requirements), new Promise((_, reject) => {
+					verifyTimer = setTimeout(() => reject(/* @__PURE__ */ new Error("Verification timed out after 5s")), 5e3);
+				})]).finally(() => clearTimeout(verifyTimer));
 			} catch (e) {
 				return {
 					success: false,
@@ -283,7 +368,10 @@ var s402Facilitator = class {
 				errorCode: "REQUIREMENTS_EXPIRED"
 			};
 			try {
-				return await Promise.race([scheme.settle(payload, requirements), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("Settlement timed out after 15s")), 15e3))]);
+				let settleTimer;
+				return await Promise.race([scheme.settle(payload, requirements), new Promise((_, reject) => {
+					settleTimer = setTimeout(() => reject(/* @__PURE__ */ new Error("Settlement timed out after 15s")), 15e3);
+				})]).finally(() => clearTimeout(settleTimer));
 			} catch (e) {
 				return {
 					success: false,

package/dist/receipts.mjs

@@ -1,4 +1,23 @@
+import { s402Error } from "./errors.mjs";
+
 //#region src/receipts.ts
+/**
+* s402 Receipt HTTP Helpers — chain-agnostic receipt header format/parse.
+*
+* Providers sign each API response with Ed25519. The signature, call number,
+* timestamp, and response hash are transported as a single HTTP header:
+*
+*   X-S402-Receipt: v2:base64(signature):callNumber:timestampMs:base64(responseHash)
+*
+* This module handles the header wire format ONLY. It does not:
+* - Construct BCS messages (chain-specific — see @sweefi/sui receipts.ts)
+* - Generate Ed25519 keys (implementations provide their own)
+* - Accumulate receipts (client-side concern — see @sweefi/sui ReceiptAccumulator)
+*
+* Zero runtime dependencies. Uses built-in btoa/atob.
+*
+* @see docs/schemes/prepaid.md — v0.2 spec
+*/
 /** HTTP header name for s402 signed usage receipts. */
 const S402_RECEIPT_HEADER = "X-S402-Receipt";
 const HEADER_VERSION = "v2";
@@ -8,9 +27,14 @@ function uint8ToBase64(bytes) {
 	for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
 	return btoa(binary);
 }
-/** Decode a base64 string to Uint8Array using built-in atob. */
+/** Decode a base64 string to Uint8Array using built-in atob. Throws Error on invalid base64. */
 function base64ToUint8(b64) {
-	const binary = atob(b64);
+	let binary;
+	try {
+		binary = atob(b64);
+	} catch {
+		throw new s402Error("INVALID_PAYLOAD", `Invalid base64: "${b64.slice(0, 20)}${b64.length > 20 ? "..." : ""}"`);
+	}
 	const bytes = new Uint8Array(binary.length);
 	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
 	return bytes;
@@ -40,21 +64,35 @@ function formatReceiptHeader(receipt) {
 * @throws On empty string, wrong number of parts, or unknown version
 */
 function parseReceiptHeader(header) {
-	if (!header) throw new Error("Empty receipt header");
+	if (!header) throw new s402Error("INVALID_PAYLOAD", "Empty receipt header");
 	const parts = header.split(":");
-	if (parts.length !== 5) throw new Error(`Malformed receipt header: expected 5 colon-separated parts, got ${parts.length}`);
+	if (parts.length !== 5) throw new s402Error("INVALID_PAYLOAD", `Malformed receipt header: expected 5 colon-separated parts, got ${parts.length}`);
 	const [version, sigB64, callNumberStr, timestampMsStr, hashB64] = parts;
-	if (version !== HEADER_VERSION) throw new Error(`Unknown receipt header version: "${version}" (expected "${HEADER_VERSION}")`);
-	const callNumber = BigInt(callNumberStr);
-	const timestampMs = BigInt(timestampMsStr);
-	if (callNumber <= 0n) throw new Error(`Invalid receipt callNumber: must be positive, got ${callNumber}`);
-	if (timestampMs <= 0n) throw new Error(`Invalid receipt timestampMs: must be positive, got ${timestampMs}`);
+	if (version !== HEADER_VERSION) throw new s402Error("INVALID_PAYLOAD", `Unknown receipt header version: "${version}" (expected "${HEADER_VERSION}")`);
+	let callNumber;
+	let timestampMs;
+	try {
+		callNumber = BigInt(callNumberStr);
+	} catch {
+		throw new s402Error("INVALID_PAYLOAD", `Invalid receipt callNumber: not a valid integer "${callNumberStr}"`);
+	}
+	try {
+		timestampMs = BigInt(timestampMsStr);
+	} catch {
+		throw new s402Error("INVALID_PAYLOAD", `Invalid receipt timestampMs: not a valid integer "${timestampMsStr}"`);
+	}
+	if (callNumber <= 0n) throw new s402Error("INVALID_PAYLOAD", `Invalid receipt callNumber: must be positive, got ${callNumber}`);
+	if (timestampMs <= 0n) throw new s402Error("INVALID_PAYLOAD", `Invalid receipt timestampMs: must be positive, got ${timestampMs}`);
+	const signature = base64ToUint8(sigB64);
+	if (signature.length !== 64) throw new s402Error("INVALID_PAYLOAD", `Receipt signature must be 64 bytes (Ed25519), got ${signature.length}`);
+	const responseHash = base64ToUint8(hashB64);
+	if (responseHash.length !== 32) throw new s402Error("INVALID_PAYLOAD", `Receipt responseHash must be 32 bytes (SHA-256), got ${responseHash.length}`);
 	return {
 		version: "v2",
-		signature: base64ToUint8(sigB64),
+		signature,
 		callNumber,
 		timestampMs,
-		responseHash: base64ToUint8(hashB64)
+		responseHash
 	};
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "s402",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "type": "module",
   "description": "s402 — Chain-agnostic HTTP 402 wire format. Types, HTTP encoding, and scheme registry for five payment schemes. Wire-compatible with x402. Zero runtime dependencies.",
   "license": "Apache-2.0",
@@ -25,7 +25,11 @@
     "streaming",
     "escrow",
     "web3",
-    "protocol"
+    "protocol",
+    "ai-agent",
+    "machine-to-machine",
+    "m2m",
+    "agent-payments"
   ],
   "engines": {
     "node": ">=18"
@@ -36,7 +40,8 @@
     "README.md",
     "LICENSE",
     "CHANGELOG.md",
-    "SECURITY.md"
+    "SECURITY.md",
+    "test/conformance/vectors"
   ],
   "main": "./dist/index.mjs",
   "module": "./dist/index.mjs",
@@ -85,21 +90,22 @@
       "default": "./dist/receipts.mjs"
     }
   },
-  "devDependencies": {
-    "@vitest/coverage-v8": "^3.2.4",
-    "fast-check": "^4.5.3",
-    "tsdown": "^0.20.3",
-    "typescript": "^5.7.0",
-    "vitepress": "^1.6.4",
-    "vitest": "^3.0.5"
-  },
   "scripts": {
     "build": "tsdown",
     "typecheck": "tsc --noEmit",
     "test": "vitest run",
     "test:watch": "vitest",
+    "prepublishOnly": "npm run build && npm run typecheck && npm run test",
     "docs:dev": "vitepress dev docs",
     "docs:build": "vitepress build docs",
     "docs:preview": "vitepress preview docs"
+  },
+  "devDependencies": {
+    "@vitest/coverage-v8": "^3.2.4",
+    "fast-check": "^4.5.3",
+    "tsdown": "^0.20.3",
+    "typescript": "^5.7.0",
+    "vitepress": "^1.6.4",
+    "vitest": "^3.0.5"
   }
-}
+}

package/test/conformance/README.md

@@ -0,0 +1,172 @@
+# s402 Conformance Test Vectors
+
+Machine-readable test vectors that define s402-compliant behavior. Use these to verify any s402 implementation — TypeScript, Go, Python, Rust, etc.
+
+## Getting the Vectors
+
+The vectors ship with the `s402` npm package:
+
+```bash
+npm pack s402
+tar xzf s402-*.tgz
+ls package/test/conformance/vectors/
+```
+
+Or clone the repo directly:
+
+```bash
+git clone https://github.com/s402-protocol/core.git
+ls core/test/conformance/vectors/
+```
+
+## Vector Format
+
+Each JSON file contains an array of test cases:
+
+```json
+[
+  {
+    "description": "Human-readable test name",
+    "input": { ... },
+    "expected": { ... },
+    "shouldReject": false
+  }
+]
+```
+
+### Accept vectors (`shouldReject: false`)
+
+The implementation MUST produce `expected` when given `input`.
+
+### Reject vectors (`shouldReject: true`)
+
+The implementation MUST reject the input with an error. The `expectedErrorCode` field indicates which error:
+
+```json
+{
+  "description": "Rejects negative amount",
+  "input": { "header": "base64-encoded-malformed-json" },
+  "shouldReject": true,
+  "expectedErrorCode": "INVALID_PAYLOAD"
+}
+```
+
+## Vector Files
+
+| File | Tests | Description |
+|------|-------|-------------|
+| `requirements-encode.json` | Encode | `s402PaymentRequirements` object → base64 header string |
+| `requirements-decode.json` | Decode | base64 header string → `s402PaymentRequirements` object |
+| `payload-encode.json` | Encode | `s402PaymentPayload` object → base64 header string |
+| `payload-decode.json` | Decode | base64 header string → `s402PaymentPayload` object |
+| `settle-encode.json` | Encode | `s402SettleResponse` object → base64 header string |
+| `settle-decode.json` | Decode | base64 header string → `s402SettleResponse` object |
+| `body-transport.json` | Both | Requirements/payload/settle via JSON body (no base64) |
+| `compat-normalize.json` | Normalize | x402 V1/V2 input → normalized s402 output |
+| `receipt-format.json` | Format | Receipt fields → `X-S402-Receipt` header string |
+| `receipt-parse.json` | Parse | `X-S402-Receipt` header string → parsed receipt fields |
+| `validation-reject.json` | Reject | Malformed inputs that MUST be rejected |
+| `roundtrip.json` | Roundtrip | encode → decode → re-encode = identical output |
+
+## Encoding Scheme
+
+s402 uses **Unicode-safe base64** for HTTP header transport:
+
+1. JSON-serialize the object: `JSON.stringify(obj)`
+2. UTF-8 encode the string: `TextEncoder.encode(json)`
+3. Base64 encode the bytes: `btoa(bytes.map(b => String.fromCharCode(b)).join(''))`
+
+For ASCII-only content (the common case), this produces the same output as plain `btoa(json)`.
+
+Body transport uses raw JSON (no base64).
+
+## Receipt Header Format
+
+The `X-S402-Receipt` header uses colon-separated fields:
+
+```
+v2:base64(signature):callNumber:timestampMs:base64(responseHash)
+```
+
+- `v2` — version prefix (always "v2" for signed receipts)
+- `signature` — 64-byte Ed25519 signature, base64-encoded
+- `callNumber` — sequential call number (1-indexed, bigint string)
+- `timestampMs` — Unix timestamp in milliseconds (bigint string)
+- `responseHash` — response body hash (typically SHA-256, 32 bytes), base64-encoded
+
+In the vector JSON files, `signature` and `responseHash` are represented as arrays of byte values (0-255) since JSON has no binary type.
+
+## Implementing in Another Language
+
+1. Load the JSON vector files
+2. For each vector where `shouldReject` is `false`:
+   - Feed `input` to your encode/decode function
+   - Compare the result to `expected`
+3. For each vector where `shouldReject` is `true`:
+   - Feed `input` to your decode function
+   - Verify it throws/returns an error with the matching error code
+4. For roundtrip vectors:
+   - Verify `expected.identical` is `true`
+   - Verify `expected.firstEncode === expected.reEncode`
+
+### Key stripping on decode
+
+All three decode functions (`decodePaymentRequired`, `decodePaymentPayload`, `decodeSettleResponse`) MUST strip unknown top-level keys. Only known fields should survive the decode. This is a defense-in-depth measure at the HTTP trust boundary.
+
+**Requirements known top-level keys:** `s402Version`, `accepts`, `network`, `asset`, `amount`, `payTo`, `facilitatorUrl`, `mandate`, `protocolFeeBps`, `protocolFeeAddress`, `receiptRequired`, `settlementMode`, `expiresAt`, `stream`, `escrow`, `unlock`, `prepaid`, `extensions`.
+
+**Requirements sub-object known keys** (also stripped of unknowns):
+- `mandate`: `required`, `minPerTx`, `coinType`
+- `stream`: `ratePerSecond`, `budgetCap`, `minDeposit`, `streamSetupUrl`
+- `escrow`: `seller`, `arbiter`, `deadlineMs`
+- `unlock`: `encryptionId`, `walrusBlobId`, `encryptionPackageId`
+- `prepaid`: `ratePerCall`, `maxCalls`, `minDeposit`, `withdrawalDelayMs`, `providerPubkey`, `disputeWindowMs`
+
+**Payload known top-level keys:** `s402Version`, `scheme`, `payload`.
+
+**Payload inner keys** (per scheme):
+- `exact`, `stream`, `escrow`: `transaction`, `signature`
+- `unlock`: `transaction`, `signature`, `encryptionId`
+- `prepaid`: `transaction`, `signature`, `ratePerCall`, `maxCalls`
+
+**Settle response known keys:** `success`, `txDigest`, `receiptId`, `finalityMs`, `streamId`, `escrowId`, `balanceId`, `error`, `errorCode`.
+
+### JSON key ordering
+
+s402 vectors use JavaScript's `JSON.stringify()` key ordering (insertion order). Cross-language implementations MUST serialize keys in the same order as the vector files to produce identical base64 output. If your language's JSON serializer uses alphabetical ordering by default, you'll need ordered serialization (e.g., Go's `json.Marshal` on a struct with ordered fields, Python's `json.dumps` with `sort_keys=False`).
+
+Note: **decode also reorders keys**. The decode functions iterate their allowlist in the order listed above, not the input order. If the input JSON has keys in a different order, the decoded output follows the allowlist order. This affects roundtrip tests — the re-encoded output uses the allowlist order, which may differ from the original input order.
+
+### Header size limits
+
+Implementations SHOULD enforce a maximum header size of **64 KiB** (`MAX_HEADER_BYTES = 65536`). Headers exceeding this limit indicate abuse or misconfiguration and SHOULD be rejected before base64 decoding.
+
+### Rejection vector dispatch
+
+Rejection vectors are dispatched in this precedence order:
+
+1. If `expectedErrorCode` is `"RECEIPT_PARSE_ERROR"` → test `parseReceiptHeader`. Note: receipts throw a plain `Error`, not an `s402Error`, since receipts are a separate subsystem.
+2. If `input.decodeAs` is `"payload"` → test `decodePaymentPayload`
+3. If `input.decodeAs` is `"compat"` → test `normalizeRequirements` with the raw JSON (not base64)
+4. Otherwise → test `decodePaymentRequired` (the default)
+
+### Error codes
+
+Rejection vectors use `expectedErrorCode` values from the s402 error code enum:
+
+- `INVALID_PAYLOAD` — malformed or invalid input
+- `RECEIPT_PARSE_ERROR` — malformed receipt header (vector convention for receipt-specific parsing errors)
+
+## Regenerating Vectors
+
+If you modify the s402 encoding logic, regenerate vectors:
+
+```bash
+npx tsx test/conformance/generate-vectors.ts
+```
+
+Then run the conformance tests to verify:
+
+```bash
+pnpm run test
+```

package/test/conformance/vectors/body-transport.json

@@ -0,0 +1,142 @@
+[
+  {
+    "description": "Requirements body encode/decode",
+    "input": {
+      "type": "requirements",
+      "value": {
+        "s402Version": "1",
+        "accepts": [
+          "exact"
+        ],
+        "network": "sui:mainnet",
+        "asset": "0x2::sui::SUI",
+        "amount": "1000000",
+        "payTo": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
+      }
+    },
+    "expected": {
+      "body": "{\"s402Version\":\"1\",\"accepts\":[\"exact\"],\"network\":\"sui:mainnet\",\"asset\":\"0x2::sui::SUI\",\"amount\":\"1000000\",\"payTo\":\"0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890\"}",
+      "decoded": {
+        "s402Version": "1",
+        "accepts": [
+          "exact"
+        ],
+        "network": "sui:mainnet",
+        "asset": "0x2::sui::SUI",
+        "amount": "1000000",
+        "payTo": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
+      }
+    },
+    "shouldReject": false
+  },
+  {
+    "description": "Requirements body with extensions",
+    "input": {
+      "type": "requirements",
+      "value": {
+        "s402Version": "1",
+        "accepts": [
+          "exact"
+        ],
+        "network": "sui:mainnet",
+        "asset": "0x2::sui::SUI",
+        "amount": "1000000",
+        "payTo": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890",
+        "extensions": {
+          "auction": {
+            "type": "sealed-bid",
+            "deadline": 1708000000000
+          },
+          "customField": "hello world"
+        }
+      }
+    },
+    "expected": {
+      "body": "{\"s402Version\":\"1\",\"accepts\":[\"exact\"],\"network\":\"sui:mainnet\",\"asset\":\"0x2::sui::SUI\",\"amount\":\"1000000\",\"payTo\":\"0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890\",\"extensions\":{\"auction\":{\"type\":\"sealed-bid\",\"deadline\":1708000000000},\"customField\":\"hello world\"}}",
+      "decoded": {
+        "s402Version": "1",
+        "accepts": [
+          "exact"
+        ],
+        "network": "sui:mainnet",
+        "asset": "0x2::sui::SUI",
+        "amount": "1000000",
+        "payTo": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890",
+        "extensions": {
+          "auction": {
+            "type": "sealed-bid",
+            "deadline": 1708000000000
+          },
+          "customField": "hello world"
+        }
+      }
+    },
+    "shouldReject": false
+  },
+  {
+    "description": "Payload body encode/decode",
+    "input": {
+      "type": "payload",
+      "value": {
+        "s402Version": "1",
+        "scheme": "exact",
+        "payload": {
+          "transaction": "dHhfYnl0ZXM=",
+          "signature": "c2lnX2J5dGVz"
+        }
+      }
+    },
+    "expected": {
+      "body": "{\"s402Version\":\"1\",\"scheme\":\"exact\",\"payload\":{\"transaction\":\"dHhfYnl0ZXM=\",\"signature\":\"c2lnX2J5dGVz\"}}",
+      "decoded": {
+        "s402Version": "1",
+        "scheme": "exact",
+        "payload": {
+          "transaction": "dHhfYnl0ZXM=",
+          "signature": "c2lnX2J5dGVz"
+        }
+      }
+    },
+    "shouldReject": false
+  },
+  {
+    "description": "Settle body encode/decode",
+    "input": {
+      "type": "settle",
+      "value": {
+        "success": true,
+        "txDigest": "ABC123",
+        "finalityMs": 300
+      }
+    },
+    "expected": {
+      "body": "{\"success\":true,\"txDigest\":\"ABC123\",\"finalityMs\":300}",
+      "decoded": {
+        "success": true,
+        "txDigest": "ABC123",
+        "finalityMs": 300
+      }
+    },
+    "shouldReject": false
+  },
+  {
+    "description": "Settle failure body encode/decode",
+    "input": {
+      "type": "settle",
+      "value": {
+        "success": false,
+        "error": "Gas object not found",
+        "errorCode": "SETTLEMENT_FAILED"
+      }
+    },
+    "expected": {
+      "body": "{\"success\":false,\"error\":\"Gas object not found\",\"errorCode\":\"SETTLEMENT_FAILED\"}",
+      "decoded": {
+        "success": false,
+        "error": "Gas object not found",
+        "errorCode": "SETTLEMENT_FAILED"
+      }
+    },
+    "shouldReject": false
+  }
+]