x402z-server 0.0.2 → 0.0.3

package/dist/index.d.mts

@@ -3,6 +3,7 @@ export * from '@x402/core/types';
 import { x402ResourceServer } from '@x402/core/server';
 export { x402ResourceServer } from '@x402/core/server';
 import * as http from 'http';
+import { RelayerSigner, RelayerInstance } from 'x402z-shared';
 export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfig, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
 
 type ConfidentialServerNetworkConfig = {
@@ -60,6 +61,8 @@ type X402zServerConfig = ConfidentialServerRegisterConfig & {
     facilitatorUrl: string;
     routes: Record<string, X402zRouteConfig>;
     onPaid: X402zRouteHandler;
+    signer: RelayerSigner;
+    relayer: RelayerInstance;
     debug?: boolean;
 };
 declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;

package/dist/index.d.ts

@@ -3,6 +3,7 @@ export * from '@x402/core/types';
 import { x402ResourceServer } from '@x402/core/server';
 export { x402ResourceServer } from '@x402/core/server';
 import * as http from 'http';
+import { RelayerSigner, RelayerInstance } from 'x402z-shared';
 export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfig, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
 
 type ConfidentialServerNetworkConfig = {
@@ -60,6 +61,8 @@ type X402zServerConfig = ConfidentialServerRegisterConfig & {
     facilitatorUrl: string;
     routes: Record<string, X402zRouteConfig>;
     onPaid: X402zRouteHandler;
+    signer: RelayerSigner;
+    relayer: RelayerInstance;
     debug?: boolean;
 };
 declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;

package/dist/index.js

@@ -124,6 +124,15 @@ var import_node_url = require("url");
 var import_server = require("@x402/core/server");
 var import_http = require("@x402/core/http");
 var import_http2 = require("@x402/core/http");
+var import_x402z_shared = require("x402z-shared");
+var import_viem = require("viem");
+function getRelayerRpcUrl(relayer) {
+  const network = relayer.network;
+  if (typeof network === "string") {
+    return network;
+  }
+  throw new Error("relayer.network must be a string RPC URL");
+}
 function buildAdapter(req) {
   const url = new import_node_url.URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
   return {
@@ -148,6 +157,8 @@ async function createX402zServer(config) {
   const facilitatorClient = new import_http2.HTTPFacilitatorClient({ url: config.facilitatorUrl });
   const resourceServer = new import_server.x402ResourceServer(facilitatorClient);
   registerConfidentialEvmScheme(resourceServer, config);
+  const relayer = config.relayer;
+  const rpcUrl = getRelayerRpcUrl(relayer);
   const routes = {};
   for (const [path, route] of Object.entries(config.routes)) {
     routes[path] = {
@@ -188,6 +199,50 @@ async function createX402zServer(config) {
         console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
         return;
       }
+      try {
+        const observerClient = (0, import_viem.createPublicClient)({
+          transport: (0, import_viem.http)(rpcUrl)
+        });
+        const payTo = (0, import_viem.getAddress)(result.paymentRequirements.payTo);
+        const observer = await observerClient.readContract({
+          address: (0, import_viem.getAddress)(result.paymentRequirements.asset),
+          abi: import_x402z_shared.confidentialTokenAbi,
+          functionName: "observer",
+          args: [payTo]
+        });
+        const signerAddress = (0, import_viem.getAddress)(config.signer.address);
+        if (!observer || !(0, import_viem.isAddressEqual)(observer, signerAddress)) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "observer_required" }));
+          console.log(`[server] ${method} ${path} -> 500 observer_required`);
+          return;
+        }
+        const transfers = await (0, import_x402z_shared.viewConfidentialTransferAmounts)({
+          rpcUrl,
+          tokenAddress: result.paymentRequirements.asset,
+          txHash: settle.transaction,
+          from: settle.payer,
+          to: result.paymentRequirements.payTo,
+          relayer,
+          signer: config.signer
+        });
+        const expected = BigInt(result.paymentRequirements.amount);
+        const matched = transfers.some((transfer) => transfer.amount === expected);
+        if (!matched) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
+          console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
+          return;
+        }
+      } catch (error) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "settlement_verification_failed" }));
+        console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
+        if (debugEnabled) {
+          console.debug("[x402z-server] settlement verification error", error);
+        }
+        return;
+      }
       const payload = await config.onPaid({
         paymentRequirements: result.paymentRequirements,
         settleHeaders: settle.headers

package/dist/index.mjs

@@ -93,6 +93,15 @@ import { URL } from "url";
 import { x402ResourceServer } from "@x402/core/server";
 import { x402HTTPResourceServer } from "@x402/core/http";
 import { HTTPFacilitatorClient } from "@x402/core/http";
+import { confidentialTokenAbi, viewConfidentialTransferAmounts } from "x402z-shared";
+import { createPublicClient, getAddress, http, isAddressEqual } from "viem";
+function getRelayerRpcUrl(relayer) {
+  const network = relayer.network;
+  if (typeof network === "string") {
+    return network;
+  }
+  throw new Error("relayer.network must be a string RPC URL");
+}
 function buildAdapter(req) {
   const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
   return {
@@ -117,6 +126,8 @@ async function createX402zServer(config) {
   const facilitatorClient = new HTTPFacilitatorClient({ url: config.facilitatorUrl });
   const resourceServer = new x402ResourceServer(facilitatorClient);
   registerConfidentialEvmScheme(resourceServer, config);
+  const relayer = config.relayer;
+  const rpcUrl = getRelayerRpcUrl(relayer);
   const routes = {};
   for (const [path, route] of Object.entries(config.routes)) {
     routes[path] = {
@@ -157,6 +168,50 @@ async function createX402zServer(config) {
         console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
         return;
       }
+      try {
+        const observerClient = createPublicClient({
+          transport: http(rpcUrl)
+        });
+        const payTo = getAddress(result.paymentRequirements.payTo);
+        const observer = await observerClient.readContract({
+          address: getAddress(result.paymentRequirements.asset),
+          abi: confidentialTokenAbi,
+          functionName: "observer",
+          args: [payTo]
+        });
+        const signerAddress = getAddress(config.signer.address);
+        if (!observer || !isAddressEqual(observer, signerAddress)) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "observer_required" }));
+          console.log(`[server] ${method} ${path} -> 500 observer_required`);
+          return;
+        }
+        const transfers = await viewConfidentialTransferAmounts({
+          rpcUrl,
+          tokenAddress: result.paymentRequirements.asset,
+          txHash: settle.transaction,
+          from: settle.payer,
+          to: result.paymentRequirements.payTo,
+          relayer,
+          signer: config.signer
+        });
+        const expected = BigInt(result.paymentRequirements.amount);
+        const matched = transfers.some((transfer) => transfer.amount === expected);
+        if (!matched) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
+          console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
+          return;
+        }
+      } catch (error) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "settlement_verification_failed" }));
+        console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
+        if (debugEnabled) {
+          console.debug("[x402z-server] settlement verification error", error);
+        }
+        return;
+      }
       const payload = await config.onPaid({
         paymentRequirements: result.paymentRequirements,
         settleHeaders: settle.headers

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x402z-server",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
@@ -10,7 +10,7 @@
   "dependencies": {
     "@x402/core": "^2.0.0",
     "viem": "^2.43.3",
-    "x402z-shared": "0.0.2"
+    "x402z-shared": "0.0.3"
   },
   "devDependencies": {
     "jest": "^29.7.0",