wolverine-ai 5.2.6 → 5.2.8

package/.env.example

@@ -16,6 +16,13 @@ WOLVERINE_API_KEY=
 # Generate: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
 WOLVERINE_ADMIN_KEY=
 
+# ── CDP x402 Facilitator (mainnet payments) ──────────────────────
+# Required for x402 USDC payments on Base mainnet.
+# Sign up free at https://cdp.coinbase.com → create project → get keys
+# Without these, x402 only works on testnet (Base Sepolia).
+CDP_API_KEY_ID=
+CDP_API_KEY_SECRET=
+
 # ── Custom Secrets ───────────────────────────────────────────────
 # Add any secret here — wolverine automatically redacts its value
 # from all AI calls, logs, brain storage, and dashboard output.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "5.2.6",
+  "version": "5.2.8",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {

package/src/middleware/x402-fastify.js

@@ -1,6 +1,11 @@
 const fs = require("fs");
 const path = require("path");
 
+// Node 18 needs globalThis.crypto for CDP SDK (Ed25519 JWT signing)
+if (!globalThis.crypto) {
+  globalThis.crypto = require("crypto").webcrypto;
+}
+
 /**
  * x402 Fastify Plugin — add crypto payments to any route with one flag.
  *
@@ -16,7 +21,7 @@ const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
 
 let _payTo = null;
 let _network = "eip155:8453";
-let _facilitatorUrl = "https://www.x402.org/facilitator";
+let _facilitatorUrl = "https://api.cdp.coinbase.com/platform/v2/x402";
 
 async function x402Plugin(fastify, opts) {
   _network = opts.network || _network;
@@ -42,10 +47,9 @@ async function x402Plugin(fastify, opts) {
 
   // Auto-select facilitator based on network
   if (!opts.facilitator) {
-    const isTestnet = _network.includes("84532") || _network.includes("11155");
-    _facilitatorUrl = isTestnet
-      ? "https://www.x402.org/facilitator"
-      : "https://www.x402.org/facilitator"; // www. avoids 308 redirect from x402.org
+    if (!process.env.CDP_API_KEY_ID) {
+      console.log(`  ⚠️ x402: CDP_API_KEY_ID not set — facilitator auth may fail`);
+    }
   }
 
   if (_payTo) {
@@ -224,9 +228,29 @@ async function _facilitatorCall(endpoint, paymentPayload, paymentRequirements) {
     const controller = new AbortController();
     const timeout = setTimeout(() => controller.abort(), 30000);
 
+    // Build headers — add CDP JWT auth if using CDP facilitator
+    const headers = { "Content-Type": "application/json" };
+    if (url.includes("api.cdp.coinbase.com") && process.env.CDP_API_KEY_ID) {
+      try {
+        // Use dynamic import for @coinbase/cdp-sdk (ESM-only jose dependency)
+        const { generateJwt } = await import("@coinbase/cdp-sdk/auth");
+        const parsedUrl = new URL(url);
+        const jwt = await generateJwt({
+          apiKeyId: process.env.CDP_API_KEY_ID,
+          apiKeySecret: process.env.CDP_API_KEY_SECRET,
+          requestMethod: "POST",
+          requestHost: `https://${parsedUrl.host}`,
+          requestPath: parsedUrl.pathname,
+        });
+        headers["Authorization"] = `Bearer ${jwt}`;
+      } catch (authErr) {
+        console.log(`  ⚠️ x402 CDP auth failed: ${authErr.message}`);
+      }
+    }
+
     const response = await fetch(url, {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers,
       body,
       redirect: "follow",
       signal: controller.signal,