x402z-server 0.0.2 → 0.0.4

package/README.md

@@ -24,7 +24,7 @@ const server = await createX402zServer({
   asset: "0xToken",
   eip712: { name: "FHEToken Confidential", version: "1" },
   decimals: 6,
-  facilitatorAddress: "0xFacilitator",
+  batcherAddress: "0xBatcher",
   signer: { address, signTypedData },
   relayer,
   routes: {
@@ -51,7 +51,7 @@ server.listen(8080);
 
 - `createX402zServer(config)`
   - `facilitatorUrl` (required): HTTP facilitator endpoint
-  - `asset`, `eip712`, `decimals`, `facilitatorAddress`: scheme config
+- `asset`, `eip712`, `decimals`, `batcherAddress`: scheme config
   - `signer` (required): signer used to decrypt transfer amounts
   - `relayer` (required): FHEVM relayer instance used for decryption
   - `routes`: map of `METHOD /path` to payment requirements
@@ -60,4 +60,4 @@ server.listen(8080);
 ## Notes
 
 - Scheme name: `erc7984-mind-v1`
-- `confidential.facilitatorAddress` is included in requirements so clients can bind encrypted inputs.
+- `confidential.batcherAddress` is required in requirements; clients bind encrypted inputs to it.

package/dist/index.d.mts

@@ -3,6 +3,7 @@ export * from '@x402/core/types';
 import { x402ResourceServer } from '@x402/core/server';
 export { x402ResourceServer } from '@x402/core/server';
 import * as http from 'http';
+import { RelayerSigner, RelayerInstance } from 'x402z-shared';
 export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfig, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
 
 type ConfidentialServerNetworkConfig = {
@@ -13,7 +14,7 @@ type ConfidentialServerNetworkConfig = {
     };
     decimals?: number;
     resourceHash?: `0x${string}`;
-    facilitatorAddress?: `0x${string}`;
+    batcherAddress: `0x${string}`;
 };
 type ConfidentialServerConfig = ConfidentialServerNetworkConfig | {
     getNetworkConfig: (network: Network) => ConfidentialServerNetworkConfig;
@@ -60,6 +61,8 @@ type X402zServerConfig = ConfidentialServerRegisterConfig & {
     facilitatorUrl: string;
     routes: Record<string, X402zRouteConfig>;
     onPaid: X402zRouteHandler;
+    signer: RelayerSigner;
+    relayer: RelayerInstance;
     debug?: boolean;
 };
 declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;

package/dist/index.d.ts

@@ -3,6 +3,7 @@ export * from '@x402/core/types';
 import { x402ResourceServer } from '@x402/core/server';
 export { x402ResourceServer } from '@x402/core/server';
 import * as http from 'http';
+import { RelayerSigner, RelayerInstance } from 'x402z-shared';
 export { CompiledRoute, DynamicPayTo, DynamicPrice, FacilitatorClient, FacilitatorConfig, HTTPAdapter, HTTPFacilitatorClient, HTTPProcessResult, HTTPRequestContext, HTTPResponseInstructions, PaymentOption, PaywallConfig, PaywallProvider, ProcessSettleFailureResponse, ProcessSettleResultResponse, ProcessSettleSuccessResponse, RouteConfig, RouteConfigurationError, RouteValidationError, RoutesConfig, UnpaidResponseBody, UnpaidResponseResult, x402HTTPResourceServer } from '@x402/core/http';
 
 type ConfidentialServerNetworkConfig = {
@@ -13,7 +14,7 @@ type ConfidentialServerNetworkConfig = {
     };
     decimals?: number;
     resourceHash?: `0x${string}`;
-    facilitatorAddress?: `0x${string}`;
+    batcherAddress: `0x${string}`;
 };
 type ConfidentialServerConfig = ConfidentialServerNetworkConfig | {
     getNetworkConfig: (network: Network) => ConfidentialServerNetworkConfig;
@@ -60,6 +61,8 @@ type X402zServerConfig = ConfidentialServerRegisterConfig & {
     facilitatorUrl: string;
     routes: Record<string, X402zRouteConfig>;
     onPaid: X402zRouteHandler;
+    signer: RelayerSigner;
+    relayer: RelayerInstance;
     debug?: boolean;
 };
 declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;

package/dist/index.js

@@ -52,15 +52,16 @@ var ConfidentialEvmScheme = class {
     }
     const amount = this.parseMoneyToDecimal(price);
     const config = this.getConfig(network);
+    const tokenAmount = this.convertToTokenAmount(amount.toString(), config.decimals ?? 6);
     return {
-      amount: this.convertToTokenAmount(amount.toString(), config.decimals ?? 6),
+      amount: tokenAmount,
       asset: config.asset,
       extra: {
         eip712: config.eip712,
         confidential: {
-          maxClearAmount: amount.toString(),
+          maxClearAmount: tokenAmount,
           resourceHash: config.resourceHash,
-          facilitatorAddress: config.facilitatorAddress
+          batcherAddress: config.batcherAddress
         }
       }
     };
@@ -76,7 +77,7 @@ var ConfidentialEvmScheme = class {
       confidential: {
         maxClearAmount: extra?.confidential?.maxClearAmount ?? paymentRequirements.amount,
         resourceHash: extra?.confidential?.resourceHash ?? config.resourceHash,
-        facilitatorAddress: extra?.confidential?.facilitatorAddress ?? config.facilitatorAddress
+        batcherAddress: extra?.confidential?.batcherAddress ?? config.batcherAddress
       }
     };
     return {
@@ -124,6 +125,15 @@ var import_node_url = require("url");
 var import_server = require("@x402/core/server");
 var import_http = require("@x402/core/http");
 var import_http2 = require("@x402/core/http");
+var import_x402z_shared = require("x402z-shared");
+var import_viem = require("viem");
+function getRelayerRpcUrl(relayer) {
+  const network = relayer.network;
+  if (typeof network === "string") {
+    return network;
+  }
+  throw new Error("relayer.network must be a string RPC URL");
+}
 function buildAdapter(req) {
   const url = new import_node_url.URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
   return {
@@ -148,6 +158,8 @@ async function createX402zServer(config) {
   const facilitatorClient = new import_http2.HTTPFacilitatorClient({ url: config.facilitatorUrl });
   const resourceServer = new import_server.x402ResourceServer(facilitatorClient);
   registerConfidentialEvmScheme(resourceServer, config);
+  const relayer = config.relayer;
+  const rpcUrl = getRelayerRpcUrl(relayer);
   const routes = {};
   for (const [path, route] of Object.entries(config.routes)) {
     routes[path] = {
@@ -188,6 +200,54 @@ async function createX402zServer(config) {
         console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
         return;
       }
+      try {
+        const observerClient = (0, import_viem.createPublicClient)({
+          transport: (0, import_viem.http)(rpcUrl)
+        });
+        const payTo = (0, import_viem.getAddress)(result.paymentRequirements.payTo);
+        const observer = await observerClient.readContract({
+          address: (0, import_viem.getAddress)(result.paymentRequirements.asset),
+          abi: import_x402z_shared.confidentialTokenAbi,
+          functionName: "observer",
+          args: [payTo]
+        });
+        const signerAddress = (0, import_viem.getAddress)(config.signer.address);
+        if (!observer || !(0, import_viem.isAddressEqual)(observer, signerAddress)) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "observer_required" }));
+          console.log(`[server] ${method} ${path} -> 500 observer_required`);
+          return;
+        }
+        const batch = settle;
+        const transferredHandle = batch.batch?.transferredHandle;
+        if (!transferredHandle) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "missing_transferred_handle" }));
+          console.log(`[server] ${method} ${path} -> 500 missing_transferred_handle`);
+          return;
+        }
+        const decryptedAmount = await (0, import_x402z_shared.userDecryptEuint64)(
+          relayer,
+          transferredHandle,
+          result.paymentRequirements.asset,
+          config.signer
+        );
+        const expected = BigInt(result.paymentRequirements.amount);
+        if (decryptedAmount !== expected) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
+          console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
+          return;
+        }
+      } catch (error) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "settlement_verification_failed" }));
+        console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
+        if (debugEnabled) {
+          console.debug("[x402z-server] settlement verification error", error);
+        }
+        return;
+      }
       const payload = await config.onPaid({
         paymentRequirements: result.paymentRequirements,
         settleHeaders: settle.headers

package/dist/index.mjs

@@ -21,15 +21,16 @@ var ConfidentialEvmScheme = class {
     }
     const amount = this.parseMoneyToDecimal(price);
     const config = this.getConfig(network);
+    const tokenAmount = this.convertToTokenAmount(amount.toString(), config.decimals ?? 6);
     return {
-      amount: this.convertToTokenAmount(amount.toString(), config.decimals ?? 6),
+      amount: tokenAmount,
       asset: config.asset,
       extra: {
         eip712: config.eip712,
         confidential: {
-          maxClearAmount: amount.toString(),
+          maxClearAmount: tokenAmount,
           resourceHash: config.resourceHash,
-          facilitatorAddress: config.facilitatorAddress
+          batcherAddress: config.batcherAddress
         }
       }
     };
@@ -45,7 +46,7 @@ var ConfidentialEvmScheme = class {
       confidential: {
         maxClearAmount: extra?.confidential?.maxClearAmount ?? paymentRequirements.amount,
         resourceHash: extra?.confidential?.resourceHash ?? config.resourceHash,
-        facilitatorAddress: extra?.confidential?.facilitatorAddress ?? config.facilitatorAddress
+        batcherAddress: extra?.confidential?.batcherAddress ?? config.batcherAddress
       }
     };
     return {
@@ -93,6 +94,15 @@ import { URL } from "url";
 import { x402ResourceServer } from "@x402/core/server";
 import { x402HTTPResourceServer } from "@x402/core/http";
 import { HTTPFacilitatorClient } from "@x402/core/http";
+import { confidentialTokenAbi, userDecryptEuint64 } from "x402z-shared";
+import { createPublicClient, getAddress, http, isAddressEqual } from "viem";
+function getRelayerRpcUrl(relayer) {
+  const network = relayer.network;
+  if (typeof network === "string") {
+    return network;
+  }
+  throw new Error("relayer.network must be a string RPC URL");
+}
 function buildAdapter(req) {
   const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
   return {
@@ -117,6 +127,8 @@ async function createX402zServer(config) {
   const facilitatorClient = new HTTPFacilitatorClient({ url: config.facilitatorUrl });
   const resourceServer = new x402ResourceServer(facilitatorClient);
   registerConfidentialEvmScheme(resourceServer, config);
+  const relayer = config.relayer;
+  const rpcUrl = getRelayerRpcUrl(relayer);
   const routes = {};
   for (const [path, route] of Object.entries(config.routes)) {
     routes[path] = {
@@ -157,6 +169,54 @@ async function createX402zServer(config) {
         console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
         return;
       }
+      try {
+        const observerClient = createPublicClient({
+          transport: http(rpcUrl)
+        });
+        const payTo = getAddress(result.paymentRequirements.payTo);
+        const observer = await observerClient.readContract({
+          address: getAddress(result.paymentRequirements.asset),
+          abi: confidentialTokenAbi,
+          functionName: "observer",
+          args: [payTo]
+        });
+        const signerAddress = getAddress(config.signer.address);
+        if (!observer || !isAddressEqual(observer, signerAddress)) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "observer_required" }));
+          console.log(`[server] ${method} ${path} -> 500 observer_required`);
+          return;
+        }
+        const batch = settle;
+        const transferredHandle = batch.batch?.transferredHandle;
+        if (!transferredHandle) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "missing_transferred_handle" }));
+          console.log(`[server] ${method} ${path} -> 500 missing_transferred_handle`);
+          return;
+        }
+        const decryptedAmount = await userDecryptEuint64(
+          relayer,
+          transferredHandle,
+          result.paymentRequirements.asset,
+          config.signer
+        );
+        const expected = BigInt(result.paymentRequirements.amount);
+        if (decryptedAmount !== expected) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
+          console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
+          return;
+        }
+      } catch (error) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "settlement_verification_failed" }));
+        console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
+        if (debugEnabled) {
+          console.debug("[x402z-server] settlement verification error", error);
+        }
+        return;
+      }
       const payload = await config.onPaid({
         paymentRequirements: result.paymentRequirements,
         settleHeaders: settle.headers

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x402z-server",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
@@ -10,7 +10,7 @@
   "dependencies": {
     "@x402/core": "^2.0.0",
     "viem": "^2.43.3",
-    "x402z-shared": "0.0.2"
+    "x402z-shared": "0.0.4"
   },
   "devDependencies": {
     "jest": "^29.7.0",