oneshot-python 0.4.0__tar.gz → 0.5.0__tar.gz

{oneshot_python-0.4.0 → oneshot_python-0.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oneshot-python
-Version: 0.4.0
+Version: 0.5.0
 Summary: Core Python SDK for the OneShot API — HTTP client with x402 payment handling
 License-Expression: MIT
 Requires-Python: >=3.10

{oneshot_python-0.4.0 → oneshot_python-0.5.0}/README.md

@@ -55,7 +55,7 @@ Paid endpoints use the [x402 protocol](https://x402.org):
 1. Client POSTs to a tool endpoint
 2. API returns `402 Payment Required` with a USDC quote
 3. Client signs a `TransferWithAuthorization` (EIP-3009) locally
-4. Client re-POSTs with the signed payment in the `x-payment` header
+4. Client re-POSTs with the signed payment in the `payment-signature` header
 5. API processes the request and returns the result
 
 Your private key never leaves your machine. All signing happens locally via `eth-account`.

{oneshot_python-0.4.0 → oneshot_python-0.5.0}/oneshot/client.py

@@ -23,7 +23,7 @@ from oneshot._errors import (
     ToolError,
     ValidationError,
 )
-from oneshot.x402 import sign_payment_authorization
+from oneshot.x402 import sign_payment_authorization, encode_payment_header
 
 SDK_VERSION = "0.3.0"
 
@@ -162,10 +162,12 @@ class OneShotClient:
                 network=f"eip155:{payment_request['chain_id']}",
             )
 
-            # Step 4 — Re-POST with payment headers
+            # Step 4 — Re-POST with payment headers (x402 format)
+            auth_json = json.dumps(auth)
             headers = {
                 **self._headers(),
-                "x-payment": json.dumps(auth),
+                "payment-signature": encode_payment_header(auth),
+                "x-payment": auth_json,  # backwards compat for identity extraction
             }
             if quote_id:
                 headers["x-quote-id"] = quote_id

{oneshot_python-0.4.0 → oneshot_python-0.5.0}/oneshot/x402.py

@@ -1,12 +1,16 @@
 """EIP-712 payment signing for x402 protocol (USDC TransferWithAuthorization).
 
-Ports the signing logic from:
-- libs/agent-sdk/src/index.ts (L1511-1568)
-- apps/api-service/src/services/x402-facilitator.ts (L28-29) for domain names
+Produces x402 PaymentPayload v1 format compatible with @x402/core SDK:
+  { x402Version: 1, scheme: "exact", network: "eip155:8453",
+    payload: { signature: "0x...", authorization: { from, to, value, ... } } }
+
+The payload is base64-encoded and sent as the `payment-signature` header.
 """
 
 from __future__ import annotations
 
+import base64
+import json
 import os
 import time
 from typing import Any, TypedDict
@@ -15,24 +19,13 @@ from eth_account import Account
 from eth_account.messages import encode_typed_data
 
 
-class PaymentSignature(TypedDict):
-    v: int
-    r: str
-    s: str
-
-
 class PaymentAuthorization(TypedDict):
-    """Mirrors the TS SDK PaymentAuthorization interface."""
-
-    from_address: str  # 'from' is reserved in Python
-    to: str
-    value: str
-    validAfter: int
-    validBefore: int
-    nonce: str
-    signature: PaymentSignature
+    """x402 PaymentPayload v1 format."""
+
+    x402Version: int
+    scheme: str
     network: str
-    token: str
+    payload: dict[str, Any]
 
 
 def _get_usdc_domain_name(chain_id: int) -> str:
@@ -62,11 +55,13 @@ def sign_payment_authorization(
         network: CAIP-2 network string (e.g. "eip155:8453").
 
     Returns:
-        Payment authorization dict ready to be JSON-serialized as x-payment header.
+        x402 PaymentPayload v1 dict.
     """
     # Convert human-readable amount to USDC base units (6 decimals)
     value = _parse_usdc_amount(amount)
     now = int(time.time())
+    valid_after = now - 300
+    valid_before = now + 3600
     nonce = "0x" + os.urandom(32).hex()
 
     domain_data = {
@@ -91,8 +86,8 @@ def sign_payment_authorization(
         "from": from_address,
         "to": to_address,
         "value": value,
-        "validAfter": now - 300,
-        "validBefore": now + 3600,
+        "validAfter": valid_after,
+        "validBefore": valid_before,
         "nonce": bytes.fromhex(nonce[2:]),
     }
 
@@ -103,23 +98,30 @@ def sign_payment_authorization(
     )
     signed = Account.sign_message(signable, private_key=private_key)
 
+    # x402 PaymentPayload v1 format
     return {
-        "from": from_address,
-        "to": to_address,
-        "value": str(value),
-        "validAfter": now - 300,
-        "validBefore": now + 3600,
-        "nonce": nonce,
-        "signature": {
-            "v": signed.v,
-            "r": hex(signed.r),
-            "s": hex(signed.s),
-        },
+        "x402Version": 1,
+        "scheme": "exact",
         "network": network,
-        "token": token_address,
+        "payload": {
+            "signature": "0x" + (signed.signature.hex() if isinstance(signed.signature, bytes) else format(signed.signature, 'x')),
+            "authorization": {
+                "from": from_address,
+                "to": to_address,
+                "value": str(value),
+                "validAfter": str(valid_after),
+                "validBefore": str(valid_before),
+                "nonce": nonce,
+            },
+        },
     }
 
 
+def encode_payment_header(auth: dict[str, Any]) -> str:
+    """Base64-encode a PaymentPayload dict for the payment-signature header."""
+    return base64.b64encode(json.dumps(auth).encode()).decode()
+
+
 def _parse_usdc_amount(amount: str) -> int:
     """Convert a human-readable USDC amount to base units (6 decimals).
 

{oneshot_python-0.4.0 → oneshot_python-0.5.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "oneshot-python"
-version = "0.4.0"
+version = "0.5.0"
 description = "Core Python SDK for the OneShot API — HTTP client with x402 payment handling"
 readme = {text = "Core Python SDK for the OneShot API", content-type = "text/plain"}
 license = "MIT"

{oneshot_python-0.4.0 → oneshot_python-0.5.0}/tests/test_x402.py

@@ -4,13 +4,19 @@ Verifies that:
 1. USDC amount parsing is correct (6 decimals)
 2. EIP-712 signatures are valid and recoverable
 3. Domain name is "USD Coin" for Base Mainnet
+4. Output matches x402 PaymentPayload v1 format
+5. Base64 encoding for payment-signature header works
 """
 
+import base64
+import json
+
 from eth_account import Account
 
 from oneshot.x402 import (
     _get_usdc_domain_name,
     _parse_usdc_amount,
+    encode_payment_header,
     sign_payment_authorization,
 )
 
@@ -49,7 +55,7 @@ class TestDomainName:
 
 
 class TestSignPaymentAuthorization:
-    def test_returns_valid_structure(self) -> None:
+    def test_returns_x402_payload_v1_format(self) -> None:
         auth = sign_payment_authorization(
             private_key=TEST_PRIVATE_KEY,
             from_address=TEST_ADDRESS,
@@ -60,22 +66,25 @@ class TestSignPaymentAuthorization:
             network="eip155:8453",
         )
 
-        # Check all required fields
-        assert auth["from"] == TEST_ADDRESS
-        assert auth["to"] == "0x70997970C51812dc3A010C7d01b50e0d17dc79C8"
-        assert auth["value"] == "1000000"
-        assert isinstance(auth["validAfter"], int)
-        assert isinstance(auth["validBefore"], int)
-        assert auth["validBefore"] > auth["validAfter"]
-        assert auth["nonce"].startswith("0x") and len(auth["nonce"]) == 66
+        # x402 PaymentPayload v1 envelope
+        assert auth["x402Version"] == 1
+        assert auth["scheme"] == "exact"
         assert auth["network"] == "eip155:8453"
-        assert auth["token"] == USDC_ADDRESS
 
-        # Check signature
-        sig = auth["signature"]
-        assert sig["v"] in (27, 28)
-        assert sig["r"].startswith("0x")
-        assert sig["s"].startswith("0x")
+        # Payload contains signature and authorization
+        payload = auth["payload"]
+        assert isinstance(payload["signature"], str)
+        assert payload["signature"].startswith("0x")
+
+        # Authorization fields
+        authorization = payload["authorization"]
+        assert authorization["from"] == TEST_ADDRESS
+        assert authorization["to"] == "0x70997970C51812dc3A010C7d01b50e0d17dc79C8"
+        assert authorization["value"] == "1000000"
+        assert isinstance(authorization["validAfter"], str)
+        assert isinstance(authorization["validBefore"], str)
+        assert int(authorization["validBefore"]) > int(authorization["validAfter"])
+        assert authorization["nonce"].startswith("0x") and len(authorization["nonce"]) == 66
 
     def test_different_calls_produce_different_nonces(self) -> None:
         auth1 = sign_payment_authorization(
@@ -97,4 +106,24 @@ class TestSignPaymentAuthorization:
             network="eip155:8453",
         )
 
-        assert auth1["nonce"] != auth2["nonce"]
+        assert auth1["payload"]["authorization"]["nonce"] != auth2["payload"]["authorization"]["nonce"]
+
+
+class TestEncodePaymentHeader:
+    def test_base64_roundtrip(self) -> None:
+        auth = sign_payment_authorization(
+            private_key=TEST_PRIVATE_KEY,
+            from_address=TEST_ADDRESS,
+            to_address="0x70997970C51812dc3A010C7d01b50e0d17dc79C8",
+            amount="0.50",
+            token_address=USDC_ADDRESS,
+            chain_id=CHAIN_ID,
+            network="eip155:8453",
+        )
+
+        encoded = encode_payment_header(auth)
+        decoded = json.loads(base64.b64decode(encoded))
+
+        assert decoded["x402Version"] == 1
+        assert decoded["scheme"] == "exact"
+        assert decoded["payload"]["authorization"]["value"] == "500000"