wolverine-ai 5.5.0 → 5.5.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "5.5.0",
+  "version": "5.5.2",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {

package/src/brain/brain.js

@@ -190,15 +190,15 @@ const SEED_DOCS = [
     metadata: { topic: "notifications" },
   },
   {
-    text: "x402 paid APIs — turn any route into a paid API with one flag. Register the plugin: fastify.register(require('wolverine-ai/src/middleware/x402-fastify')). Add { config: { x402: { price: '$0.10' } } } to any route. Routes WITHOUT x402 config are unaffected. Two modes: (1) Fixed price: { x402: { price: '$0.10' } }. (2) Variable price: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } }. Uses @coinbase/x402 facilitator (built-in, no auth config needed) + x402/verify for payment verification and on-chain settlement. Protocol is x402 v1 — network must be 'base' (NOT 'eip155:8453'). Payment header: X-PAYMENT or payment-signature (base64 JSON). Verify happens in preHandler hook, settle happens in onSend hook (after handler succeeds). Vault wallet auto-detected as payTo. Requires: Node 22+, CDP_API_KEY_ID + CDP_API_KEY_SECRET in .env.local (get free at cdp.coinbase.com), npm packages @coinbase/x402 + x402 + viem. CRITICAL SETUP NOTES: (1) network MUST be 'base' not 'eip155:8453' — the v1 SDK uses human-readable names. (2) Do NOT set a facilitator URL in settings.json — the @coinbase/x402 package has it built-in. (3) paymentRequirements.resource must be a full URL (https://host/path) not 'POST /path'. (4) paymentRequirements.asset must be checksummed via viem's getAddress(). (5) paymentRequirements.extra must be { name: 'USD Coin', version: '2' } for USDC EIP-712 domain. (6) maxAmountRequired must match the user's payment value for variable pricing. (7) Frontend payment payload format: { x402Version: 1, scheme: 'exact', network: 'base', payload: { authorization: { from, to, value (decimal string), validAfter (string), validBefore (string), nonce (0x hex) }, signature } }. Dashboard tracks x402 payments, revenue by route, USDC/ETH balances.",
+    text: "x402 paid APIs — turn any route into a paid API with one flag. Register the plugin: fastify.register(require('wolverine-ai/src/middleware/x402-fastify')). Add { config: { x402: { price: '$0.10' } } } to any route. Routes WITHOUT x402 config are unaffected. Two modes: (1) Fixed price: { x402: { price: '$0.10' } }. (2) Variable price: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } }. Uses x402 v2 protocol: @x402/core SDK (x402ResourceServer + ExactEvmScheme) with @coinbase/x402 facilitator for CDP auth. The trick: pass @coinbase/x402's facilitator config to @x402/core's HTTPFacilitatorClient — this gives v2 protocol with working CDP JWT auth. Network is CAIP-2 format 'eip155:8453' (Base mainnet). Payment header: X-PAYMENT or payment-signature (base64 JSON). Verify AND settle both happen in preHandler — handler only runs after USDC moves on-chain. Vault wallet auto-detected as payTo. Requires: Node 22+, CDP_API_KEY_ID + CDP_API_KEY_SECRET in .env.local (free at cdp.coinbase.com), npm packages @coinbase/x402 + @x402/core + @x402/evm + viem. Auto-installed on startup when vault exists. CRITICAL: (1) Do NOT set facilitator URL in settings.json. (2) paymentRequirements uses 'amount' field (v2) not 'maxAmountRequired' (v1). (3) paymentRequirements.extra = { name: 'USD Coin', version: '2' } for EIP-712. (4) Frontend payload: { x402Version: 2, scheme: 'exact', network: 'eip155:8453', payload: { authorization: { from, to, value (decimal string), validAfter (string), validBefore (string), nonce (0x hex) }, signature } }. (5) Values must be decimal strings not hex. Dashboard tracks x402 payments, revenue by route, USDC/ETH balances.",
     metadata: { topic: "x402-paid-apis" },
   },
   {
-    text: "x402 examples — making a paid API is as simple as adding a route. FREE route: fastify.get('/api/data', async (req) => { return getData(); }). PAID route: fastify.get('/api/premium', { config: { x402: { price: '$0.01' } } }, async (req) => { return { data: 'premium', paid: req.x402?.amount }; }). CREDIT PURCHASE: fastify.post('/buy', { config: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } } }, async (req) => { const credits = parseFloat(req.x402.amount.replace('$','')) * 100; return { credits }; }). Frontend integration: sign EIP-3009 TransferWithAuthorization with eth_signTypedData_v4, build payload as { x402Version: 1, scheme: 'exact', network: 'base', payload: { authorization: {...}, signature } }, base64 encode, send as X-PAYMENT header. Values MUST be decimal strings ('1000000' for $1) NOT hex ('0xf4240'). validAfter = String(now - 600), validBefore = String(now + 300). The facilitator verifies signature then settles on-chain (calls transferWithAuthorization on USDC contract). Handler only runs after verification passes. Settlement happens after handler returns success (onSend hook). req.x402 = { paid: true, amount: '$5.00', from: '0x...', txHash, settled: true }.",
+    text: "x402 examples — making a paid API is as simple as adding a route. FREE route: fastify.get('/api/data', async (req) => { return getData(); }). PAID route: fastify.get('/api/premium', { config: { x402: { price: '$0.01' } } }, async (req) => { return { data: 'premium', paid: req.x402.amount, txHash: req.x402.txHash }; }). CREDIT PURCHASE: fastify.post('/buy', { config: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } } }, async (req) => { const credits = parseFloat(req.x402.amount.replace('$','')) * 100; return { credits, txHash: req.x402.txHash }; }). Frontend integration: sign EIP-3009 TransferWithAuthorization with eth_signTypedData_v4. v2 payload format: { x402Version: 2, payload: { authorization: { from, to, value (decimal string), validAfter (string), validBefore (string), nonce (0x hex) }, signature }, accepted: { scheme: 'exact', network: 'eip155:8453', amount: usdcAtomicUnits, asset: USDC_ADDRESS, payTo: receiverAddress, maxTimeoutSeconds: 60, extra: { name: 'USD Coin', version: '2' } } }. CRITICAL: the 'accepted' field is required for v2 — it contains the payment requirements the client accepted. Without it the facilitator returns 400 'paymentPayload is invalid'. Base64 encode the payload and send as X-PAYMENT header. Values MUST be decimal strings ('1000000' for $1) NOT hex. validAfter = String(now - 600), validBefore = String(now + 300). Both verify + settle happen in preHandler BEFORE handler runs. Handler only executes after USDC moves on-chain. req.x402 = { paid: true, amount: '$5.00', from: '0x...', txHash: '0x...', settled: true }.",
     metadata: { topic: "x402-examples" },
   },
   {
-    text: "x402 troubleshooting — common issues and fixes. (1) 'Invalid network': using 'eip155:8453' instead of 'base' — the @coinbase/x402 v1 SDK uses human-readable network names. (2) 'Unauthorized' from facilitator: either wrong CDP_API_KEY_ID/SECRET, or a facilitator URL override in settings.json pointing to api.cdp.coinbase.com (remove it, let the built-in handle auth). (3) '400 Bad Request': payload format mismatch — ensure x402Version:1, scheme:'exact', network:'base'. Don't use exact.evm.decodePayment() on the server, parse the base64 JSON directly. (4) 'invalid_exact_evm_payload_signature': the EIP-712 signature is wrong — check that the frontend signs with the correct domain (name:'USD Coin', version:'2', chainId:8453, verifyingContract:USDC address). (5) USDC not moving: the old middleware only verified signatures without calling the facilitator settle — must use @coinbase/x402 facilitator which handles verify+settle. (6) Frontend value showing as hex (0xf4240): must use decimal strings. (7) SDK not loading: @coinbase/x402 + x402 are ESM packages, need Node 22+. On Node 18 they fail with ERR_REQUIRE_ESM. (8) Packages disappearing after --update: add @coinbase/x402, x402, viem to package.json dependencies so npm install preserves them.",
+    text: "x402 troubleshooting — common issues and fixes. (1) 'Unauthorized' from CDP facilitator: the @coinbase/x402 package handles JWT auth internally using CDP_API_KEY_ID + CDP_API_KEY_SECRET from env vars — do NOT set a facilitator URL in settings.json. (2) '400 Bad Request': payload format mismatch — v2 uses x402Version:2, network:'eip155:8453', amount (not maxAmountRequired). Parse base64 JSON directly, don't use decodePayment(). (3) 'invalid_exact_evm_payload_signature': EIP-712 signature wrong — check domain (name:'USD Coin', version:'2', chainId:8453, verifyingContract:USDC). (4) USDC not moving: old middleware only verified without settling — must use x402ResourceServer.verifyPayment() + settlePayment() which goes through the CDP facilitator. (5) Frontend value as hex (0xf4240): must use decimal strings ('1000000'). (6) ESM errors: @coinbase/x402 needs Node 22+. (7) Packages disappearing after --update: they're in package.json dependencies + auto-installed on startup when vault exists. (8) Credits granted before settlement: verify+settle must both be in preHandler, not onSend. (9) v2 auth trick: pass @coinbase/x402's facilitator config to @x402/core HTTPFacilitatorClient — this gives v2 protocol with CDP auth that actually works.",
     metadata: { topic: "x402-troubleshooting" },
   },
   {

package/src/core/init-server.js

@@ -77,7 +77,7 @@ function ensureX402Deps(cwd) {
   console.log(chalk.blue("  📦 Installing x402 payment dependencies..."));
   try {
     const { execSync } = require("child_process");
-    execSync("npm install @coinbase/x402 x402 viem --no-save --ignore-engines 2>/dev/null", {
+    execSync("npm install @coinbase/x402 @x402/core @x402/evm x402 viem --no-save --ignore-engines 2>/dev/null", {
       cwd,
       stdio: "pipe",
       timeout: 60000,