paynode-sdk-python 2.0.0__tar.gz → 2.1.0__tar.gz

{paynode_sdk_python-2.0.0/paynode_sdk_python.egg-info → paynode_sdk_python-2.1.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: paynode-sdk-python
-Version: 2.0.0
+Version: 2.1.0
 Summary: PayNode Protocol Python SDK for AI Agents
 Author-email: PayNodeLabs <contact@paynode.dev>
 License: MIT
@@ -54,7 +54,7 @@ response = agent.request_gate("https://api.merchant.com/premium-data", method="P
 print(response.json())
 ```
 
-### Key Features (v2.0)
+### Key Features (v2.1)
 - **EIP-3009 Support**: Sign payments off-chain using `TransferWithAuthorization`, allowing for gasless or relayer-mediated settlement.
 - **X402 V2 Protocol**: JSON-based handshake for more structured and machine-readable payment instructions.
 - **Dual Flow**: Automatic fallback to V1 (on-chain receipts) for legacy merchant support.

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/README.md

@@ -34,7 +34,7 @@ response = agent.request_gate("https://api.merchant.com/premium-data", method="P
 print(response.json())
 ```
 
-### Key Features (v2.0)
+### Key Features (v2.1)
 - **EIP-3009 Support**: Sign payments off-chain using `TransferWithAuthorization`, allowing for gasless or relayer-mediated settlement.
 - **X402 V2 Protocol**: JSON-based handshake for more structured and machine-readable payment instructions.
 - **Dual Flow**: Automatic fallback to V1 (on-chain receipts) for legacy merchant support.

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk/client.py

@@ -8,7 +8,7 @@ from eth_account.messages import encode_typed_data
 from web3 import Web3
 from requests.adapters import HTTPAdapter
 from urllib3.util.retry import Retry
-from .constants import PAYNODE_ROUTER_ADDRESS, BASE_USDC_ADDRESS, BASE_USDC_DECIMALS, BASE_RPC_URLS, ACCEPTED_TOKENS, MIN_PAYMENT_AMOUNT
+from .constants import PAYNODE_ROUTER_ADDRESS, BASE_USDC_ADDRESS, BASE_USDC_DECIMALS, BASE_RPC_URLS, ACCEPTED_TOKENS, MIN_PAYMENT_AMOUNT, PAYNODE_ROUTER_ABI
 from .errors import PayNodeException, ErrorCode
 
 logger = logging.getLogger("paynode_sdk.client")
@@ -22,6 +22,7 @@ class PayNodeAgentClient:
     def __init__(self, private_key: str, rpc_urls: list | str = BASE_RPC_URLS):
         self.rpc_urls = rpc_urls if isinstance(rpc_urls, list) else [rpc_urls]
         self.w3 = self._init_w3()
+        self.current_rpc_index = 0
         
         # Initialize account and discard private key string
         self.account = self.w3.eth.account.from_key(private_key)
@@ -61,6 +62,24 @@ class PayNodeAgentClient:
                     
         raise PayNodeException(ErrorCode.rpc_error, message="All provided RPC nodes are unreachable.")
 
+    def _rotate_rpc(self):
+        """Switches to the next available RPC node in the list."""
+        self.current_rpc_index = (self.current_rpc_index + 1) % len(self.rpc_urls)
+        new_url = self.rpc_urls[self.current_rpc_index]
+        logger.warning(f"⚠️ [PayNode-PY] RPC failure detected. Rotating to: {new_url}")
+        self.w3 = Web3(Web3.HTTPProvider(new_url, request_kwargs={'timeout': 10}))
+
+    def _call_with_failover(self, func, *args, **kwargs):
+        """Wrapper to retry a web3 call with RPC failover."""
+        for attempt in range(len(self.rpc_urls)):
+            try:
+                return func(*args, **kwargs)
+            except Exception as e:
+                if attempt < len(self.rpc_urls) - 1:
+                    self._rotate_rpc()
+                else:
+                    raise e
+
     def request_gate(self, url: str, method: str = "GET", **kwargs):
         """The high-level autonomous method handling 402 loop."""
         return self._request_with_402_retry(method.upper(), url, **kwargs)
@@ -71,12 +90,12 @@ class PayNodeAgentClient:
     def post(self, url, **kwargs):
         return self.request_gate(url, "POST", **kwargs)
 
-    def _request_with_402_retry(self, method, url, max_retries=3, **kwargs):
+    def _request_with_402_retry(self, method: str, url: str, max_retries: int = 3, **kwargs) -> requests.Response:
         response = None
-        for _ in range(max_retries):
+        for attempt in range(max_retries):
             response = self.session.request(method, url, **kwargs)
             if response.status_code == 402:
-                logger.info("💡 [PayNode-PY] 402 Detected. Analyzing protocol version...")
+                logger.info(f"💡 [PayNode-PY] 402 Detected (Attempt {attempt+1}/{max_retries}). Analyzing protocol version...")
                 
                 # Check for x402 v2 (JSON body or X-402-Required header)
                 content_type = response.headers.get('Content-Type', '')
@@ -101,14 +120,22 @@ class PayNodeAgentClient:
                 if body and body.get('x402Version') == 2:
                     logger.info("🚀 [PayNode-PY] x402 v2 detected. Handling autonomous payment...")
                     if order_id: body['orderId'] = order_id
-                    kwargs = self._handle_x402_v2(body, **kwargs)
+                    kwargs = self._handle_x402_v2(url, body, **kwargs)
                     continue
 
                 raise PayNodeException(ErrorCode.internal_error, message="Unsupported or malformed 402 response")
+            
             return response
+
+        if response and response.status_code == 402:
+            raise PayNodeException(ErrorCode.internal_error, message="Still 402 after all payment attempts. The server may have rejected the payment or authorization.")
         return response
 
-    def _handle_x402_v2(self, requirements, **kwargs):
+    def _handle_x402_v2(self, url: str, requirements: dict, **kwargs) -> dict:
+        """
+        Internal handler for X402 V2/V3.1 protocol.
+        Analyzes requirements, executes payment, and returns updated kwargs for retrying the request.
+        """
         chain_id = self.w3.eth.chain_id
         caip2_chain_id = f"eip155:{chain_id}"
 
@@ -119,13 +146,18 @@ class PayNodeAgentClient:
         if not requirement:
             raise PayNodeException(ErrorCode.internal_error, message=f"No compatible payment requirement found for network {caip2_chain_id}")
 
+        # 🛡️ Token Whitelist Check
+        chain_tokens = ACCEPTED_TOKENS.get(chain_id, [])
+        if chain_tokens and requirement.get('asset').lower() not in [t.lower() for t in chain_tokens]:
+            raise PayNodeException(ErrorCode.token_not_accepted, message=f"Token {requirement['asset']} is not in the whitelist for chain {chain_id}")
+
         logger.info(f"💡 [PayNode-PY] Payment request (v2): {requirement['amount']} atomic units of {requirement['asset']} to {requirement['payTo']}")
         
         # Dust limit check
         if int(requirement['amount']) < MIN_PAYMENT_AMOUNT:
             raise PayNodeException(ErrorCode.amount_too_low, message=f"Payment amount {requirement['amount']} is below the minimum dust limit of {MIN_PAYMENT_AMOUNT}")
 
-        order_id = requirement.get('orderId') or requirements.get('orderId') or urlparse(kwargs.get('url', '')).path
+        order_id = requirement.get('orderId') or requirements.get('orderId') or urlparse(url).path
         
         payload_data = {}
         ptype = requirement.get('type', 'onchain')
@@ -160,9 +192,13 @@ class PayNodeAgentClient:
             allowance = self._get_allowance(asset, router_addr)
 
             if allowance >= amount:
-                tx_hash = self.pay(router_addr, asset, requirement['payTo'], amount, order_id)
+                try:
+                    tx_hash = self.pay(router_addr, asset, requirement['payTo'], amount, order_id)
+                except Exception as e:
+                    logger.warning(f"⚠️ [PayNode-PY] Direct pay failed (possibly allowance race), falling back to permit: {e}")
+                    tx_hash = self.pay_with_permit(router_addr, asset, requirement['payTo'], amount, order_id, version=requirement.get('extra', {}).get('version', '2'))
             else:
-                tx_hash = self.pay_with_permit(router_addr, asset, requirement['payTo'], amount, order_id)
+                tx_hash = self.pay_with_permit(router_addr, asset, requirement['payTo'], amount, order_id, version=requirement.get('extra', {}).get('version', '2'))
             
             payload_data = {"txHash": tx_hash}
 
@@ -249,11 +285,14 @@ class PayNodeAgentClient:
         }
 
     def _get_allowance(self, token_addr, spender_addr):
+        return self._call_with_failover(self.__get_allowance_raw, token_addr, spender_addr)
+
+    def __get_allowance_raw(self, token_addr, spender_addr):
         abi = [{"constant": True, "inputs": [{"name": "o", "type": "address"}, {"name": "s", "type": "address"}], "name": "allowance", "outputs": [{"name": "", "type": "uint256"}], "type": "function"}]
         token = self.w3.eth.contract(address=Web3.to_checksum_address(token_addr), abi=abi)
         return token.functions.allowance(self.account.address, Web3.to_checksum_address(spender_addr)).call()
 
-    def sign_permit(self, token_addr, spender_addr, amount, deadline=None):
+    def sign_permit(self, token_addr: str, spender_addr: str, amount: int, deadline: int = None, version: str = "2"):
         if deadline is None:
             deadline = int(time.time()) + 3600
         
@@ -269,7 +308,7 @@ class PayNodeAgentClient:
         name = token.functions.name().call()
         chain_id = self.w3.eth.chain_id
 
-        domain = {"name": name, "version": "1", "chainId": chain_id, "verifyingContract": token_addr}
+        domain = {"name": name, "version": version, "chainId": chain_id, "verifyingContract": token_addr}
         message = {"owner": self.account.address, "spender": spender_addr, "value": amount, "nonce": nonce, "deadline": deadline}
         types = {
             "EIP712Domain": [
@@ -284,12 +323,19 @@ class PayNodeAgentClient:
         }
         structured_data = {"types": types, "domain": domain, "primaryType": "Permit", "message": message}
         signed = self.account.sign_typed_data(full_message=structured_data)
-        return {"v": signed.v, "r": Web3.to_bytes(signed.r).rjust(32, b'\0'), "s": Web3.to_bytes(signed.s).rjust(32, b'\0'), "deadline": deadline}
+        
+        # NOTE: r/s padding to 32 bytes ensures bytes32 compatibility
+        r_bytes = Web3.to_bytes(signed.r).rjust(32, b'\0')
+        s_bytes = Web3.to_bytes(signed.s).rjust(32, b'\0')
+        
+        return {"v": signed.v, "r": r_bytes, "s": s_bytes, "deadline": deadline}
+
+    def pay_with_permit(self, router_addr, token_addr, merchant_addr, amount, order_id, version="2"):
+        return self._call_with_failover(self.__pay_with_permit_raw, router_addr, token_addr, merchant_addr, amount, order_id, version)
 
-    def pay_with_permit(self, router_addr, token_addr, merchant_addr, amount, order_id):
-        sig = self.sign_permit(token_addr, router_addr, amount)
-        router_abi = [{"inputs": [{"name": "payer", "type": "address"}, {"name": "token", "type": "address"}, {"name": "merchant", "type": "address"}, {"name": "amount", "type": "uint256"}, {"name": "orderId", "type": "bytes32"}, {"name": "deadline", "type": "uint256"}, {"name": "v", "type": "uint8"}, {"name": "r", "type": "bytes32"}, {"name": "s", "type": "bytes32"}], "name": "payWithPermit", "outputs": [], "stateMutability": "nonpayable", "type": "function"}]
-        router = self.w3.eth.contract(address=Web3.to_checksum_address(router_addr), abi=router_abi)
+    def __pay_with_permit_raw(self, router_addr, token_addr, merchant_addr, amount, order_id, version="2"):
+        sig = self.sign_permit(token_addr, router_addr, amount, version=version)
+        router = self.w3.eth.contract(address=Web3.to_checksum_address(router_addr), abi=PAYNODE_ROUTER_ABI)
         order_id_bytes = self.w3.keccak(text=order_id)
         current_gas_price = int(self.w3.eth.gas_price * 1.2)
         with self.nonce_lock:
@@ -301,8 +347,10 @@ class PayNodeAgentClient:
         return self.w3.to_hex(tx_h)
 
     def pay(self, router_addr, token_addr, merchant_addr, amount, order_id):
-        router_abi = [{"inputs": [{"name": "token", "type": "address"}, {"name": "merchant", "type": "address"}, {"name": "amount", "type": "uint256"}, {"name": "orderId", "type": "bytes32"}], "name": "pay", "outputs": [], "stateMutability": "nonpayable", "type": "function"}]
-        router = self.w3.eth.contract(address=Web3.to_checksum_address(router_addr), abi=router_abi)
+        return self._call_with_failover(self.__pay_raw, router_addr, token_addr, merchant_addr, amount, order_id)
+
+    def __pay_raw(self, router_addr, token_addr, merchant_addr, amount, order_id):
+        router = self.w3.eth.contract(address=Web3.to_checksum_address(router_addr), abi=PAYNODE_ROUTER_ABI)
         order_id_bytes = self.w3.keccak(text=order_id)
         current_gas_price = int(self.w3.eth.gas_price * 1.2)
         with self.nonce_lock:

paynode_sdk_python-2.1.0/paynode_sdk/constants.py

@@ -0,0 +1,20 @@
+# Generated by scripts/sync-config.py
+PAYNODE_ROUTER_ADDRESS = "0x4A73696ccF76E7381b044cB95127B3784369Ed63"
+PAYNODE_ROUTER_ADDRESS_SANDBOX = "0x24cD8b68aaC209217ff5a6ef1Bf55a59f2c8Ca6F"
+BASE_USDC_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
+BASE_USDC_ADDRESS_SANDBOX = "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0"
+BASE_USDC_DECIMALS = 6
+
+PROTOCOL_TREASURY = "0x598bF63F5449876efafa7b36b77Deb2070621C0E"
+PROTOCOL_FEE_BPS = 100
+MIN_PAYMENT_AMOUNT = 1000
+
+BASE_RPC_URLS = ["https://mainnet.base.org", "https://base.meowrpc.com", "https://1rpc.io/base"]
+BASE_RPC_URLS_SANDBOX = ["https://sepolia.base.org", "https://base-sepolia-rpc.publicnode.com"]
+
+ACCEPTED_TOKENS = {
+    8453: ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
+    84532: ["0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0"]
+}
+
+PAYNODE_ROUTER_ABI = [{'type': 'constructor', 'inputs': [{'name': '_protocolTreasury', 'type': 'address', 'internalType': 'address'}], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'MAX_BPS', 'inputs': [], 'outputs': [{'name': '', 'type': 'uint256', 'internalType': 'uint256'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'MIN_PAYMENT_AMOUNT', 'inputs': [], 'outputs': [{'name': '', 'type': 'uint256', 'internalType': 'uint256'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'PROTOCOL_FEE_BPS', 'inputs': [], 'outputs': [{'name': '', 'type': 'uint256', 'internalType': 'uint256'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'acceptOwnership', 'inputs': [], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'owner', 'inputs': [], 'outputs': [{'name': '', 'type': 'address', 'internalType': 'address'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'pause', 'inputs': [], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'paused', 'inputs': [], 'outputs': [{'name': '', 'type': 'bool', 'internalType': 'bool'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'pay', 'inputs': [{'name': 'token', 'type': 'address', 'internalType': 'address'}, {'name': 'merchant', 'type': 'address', 'internalType': 'address'}, {'name': 'amount', 'type': 'uint256', 'internalType': 'uint256'}, {'name': 'orderId', 'type': 'bytes32', 'internalType': 'bytes32'}], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'payWithPermit', 'inputs': [{'name': 'payer', 'type': 'address', 'internalType': 'address'}, {'name': 'token', 'type': 'address', 'internalType': 'address'}, {'name': 'merchant', 'type': 'address', 'internalType': 'address'}, {'name': 'amount', 'type': 'uint256', 'internalType': 'uint256'}, {'name': 'orderId', 'type': 'bytes32', 'internalType': 'bytes32'}, {'name': 'deadline', 'type': 'uint256', 'internalType': 'uint256'}, {'name': 'v', 'type': 'uint8', 'internalType': 'uint8'}, {'name': 'r', 'type': 'bytes32', 'internalType': 'bytes32'}, {'name': 's', 'type': 'bytes32', 'internalType': 'bytes32'}], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'pendingOwner', 'inputs': [], 'outputs': [{'name': '', 'type': 'address', 'internalType': 'address'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'protocolTreasury', 'inputs': [], 'outputs': [{'name': '', 'type': 'address', 'internalType': 'address'}], 'stateMutability': 'view'}, {'type': 'function', 'name': 'renounceOwnership', 'inputs': [], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'transferOwnership', 'inputs': [{'name': 'newOwner', 'type': 'address', 'internalType': 'address'}], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'unpause', 'inputs': [], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'function', 'name': 'updateTreasury', 'inputs': [{'name': '_newTreasury', 'type': 'address', 'internalType': 'address'}], 'outputs': [], 'stateMutability': 'nonpayable'}, {'type': 'event', 'name': 'OwnershipTransferStarted', 'inputs': [{'name': 'previousOwner', 'type': 'address', 'indexed': True, 'internalType': 'address'}, {'name': 'newOwner', 'type': 'address', 'indexed': True, 'internalType': 'address'}], 'anonymous': False}, {'type': 'event', 'name': 'OwnershipTransferred', 'inputs': [{'name': 'previousOwner', 'type': 'address', 'indexed': True, 'internalType': 'address'}, {'name': 'newOwner', 'type': 'address', 'indexed': True, 'internalType': 'address'}], 'anonymous': False}, {'type': 'event', 'name': 'Paused', 'inputs': [{'name': 'account', 'type': 'address', 'indexed': False, 'internalType': 'address'}], 'anonymous': False}, {'type': 'event', 'name': 'PaymentReceived', 'inputs': [{'name': 'orderId', 'type': 'bytes32', 'indexed': True, 'internalType': 'bytes32'}, {'name': 'merchant', 'type': 'address', 'indexed': True, 'internalType': 'address'}, {'name': 'payer', 'type': 'address', 'indexed': True, 'internalType': 'address'}, {'name': 'token', 'type': 'address', 'indexed': False, 'internalType': 'address'}, {'name': 'amount', 'type': 'uint256', 'indexed': False, 'internalType': 'uint256'}, {'name': 'fee', 'type': 'uint256', 'indexed': False, 'internalType': 'uint256'}, {'name': 'chainId', 'type': 'uint256', 'indexed': False, 'internalType': 'uint256'}], 'anonymous': False}, {'type': 'event', 'name': 'TreasuryUpdated', 'inputs': [{'name': 'oldTreasury', 'type': 'address', 'indexed': True, 'internalType': 'address'}, {'name': 'newTreasury', 'type': 'address', 'indexed': True, 'internalType': 'address'}], 'anonymous': False}, {'type': 'event', 'name': 'Unpaused', 'inputs': [{'name': 'account', 'type': 'address', 'indexed': False, 'internalType': 'address'}], 'anonymous': False}, {'type': 'error', 'name': 'AmountTooLow', 'inputs': []}, {'type': 'error', 'name': 'EnforcedPause', 'inputs': []}, {'type': 'error', 'name': 'ExpectedPause', 'inputs': []}, {'type': 'error', 'name': 'InvalidAddress', 'inputs': []}, {'type': 'error', 'name': 'OwnableInvalidOwner', 'inputs': [{'name': 'owner', 'type': 'address', 'internalType': 'address'}]}, {'type': 'error', 'name': 'OwnableUnauthorizedAccount', 'inputs': [{'name': 'account', 'type': 'address', 'internalType': 'address'}]}, {'type': 'error', 'name': 'SafeERC20FailedOperation', 'inputs': [{'name': 'token', 'type': 'address', 'internalType': 'address'}]}, {'type': 'error', 'name': 'UnauthorizedCaller', 'inputs': []}]

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk/errors.py

@@ -28,7 +28,7 @@ ERROR_MESSAGES = {
     ErrorCode.transaction_not_found: "Transaction not found on-chain.",
     ErrorCode.wrong_contract: "Payment event was not emitted by the official PayNode contract.",
     ErrorCode.order_mismatch: "OrderId in receipt does not match requested ID.",
-    ErrorCode.missing_receipt: "Please pay to PayNode contract and provide 'x-paynode-receipt' header.",
+    ErrorCode.missing_receipt: "Please pay to PayNode contract and provide 'X-402-Payload' header.",
 }
 
 class PayNodeException(Exception):

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk/idempotency.py

@@ -18,27 +18,38 @@ class IdempotencyStore(ABC):
         """
         pass
 
+import threading
+
 class MemoryIdempotencyStore(IdempotencyStore):
     def __init__(self):
         self.cache: Dict[str, float] = {}
+        self.last_cleanup = time.time()
+        self.lock = threading.Lock()
 
     async def check_and_set(self, tx_hash: str, ttl_seconds: int) -> bool:
-        now = time.time()
-        expiry = self.cache.get(tx_hash)
+        with self.lock:
+            now = time.time()
+            expiry = self.cache.get(tx_hash)
 
-        if expiry and expiry > now:
-            return False
+            if expiry and expiry > now:
+                return False
 
-        self.cache[tx_hash] = now + ttl_seconds
-        self._cleanup()
-        return True
+            self.cache[tx_hash] = now + ttl_seconds
+            
+            # BUG-5 FIX: Only cleanup periodically to avoid O(n) overhead on every call.
+            if now - self.last_cleanup > 60:
+                self._cleanup()
+                self.last_cleanup = now
+                
+            return True
 
     async def delete(self, tx_hash: str) -> None:
-        self.cache.pop(tx_hash, None)
+        with self.lock:
+            self.cache.pop(tx_hash, None)
 
     def _cleanup(self):
+        # Already inside lock when called from check_and_set
         now = time.time()
-        # Simple cleanup logic: remove expired entries
         expired_keys = [k for k, v in self.cache.items() if v <= now]
         for k in expired_keys:
             del self.cache[k]

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk/middleware.py

@@ -47,13 +47,20 @@ class PayNodeMiddleware(BaseHTTPMiddleware):
         self.chain_id = chain_id
         self.generate_order_id = generate_order_id or (lambda r: f"agent_py_{int(time.time() * 1000)}")
 
-        self.amount_int = int(float(price) * (10 ** decimals))
+        # DEV-2 FIX: Avoid float precision risks by using integer arithmetic or decimal string parsing
+        if "." in price:
+            parts = price.split(".")
+            integer_part = parts[0]
+            fraction_part = parts[1][:decimals].ljust(decimals, "0")
+            self.amount_int = int(integer_part + fraction_part)
+        else:
+            self.amount_int = int(price) * (10 ** decimals)
         self.description = kwargs.get('description', "Protected Resource")
         self.max_timeout_seconds = kwargs.get('max_timeout_seconds', 3600)
 
     async def dispatch(self, request: Request, call_next):
-        v2_payload_header = request.headers.get('x-402-payload')
-        order_id = request.headers.get('x-402-order-id')
+        v2_payload_header = request.headers.get('X-402-Payload')
+        order_id = request.headers.get('X-402-Order-Id')
 
         if not order_id:
             order_id = self.generate_order_id(request)
@@ -76,10 +83,14 @@ class PayNodeMiddleware(BaseHTTPMiddleware):
                         "amount": str(self.amount_int),
                         "orderId": order_id
                     },
-                    unified_payload.get("payload", {}).get("extra", {}) if unified_payload.get("type") == "eip3009" else {}
+                    # BUG-1 FIX: extra should come from our own config (v2Response schema), not the agent's payload
+                    {
+                        "name": self.currency,
+                        "version": "2" # USDC v2
+                    } if unified_payload.get("type") == "eip3009" else {}
                 )
                 if result.get("isValid"):
-                    request.state.paynode = {"unified_payload": unified_payload, "order_id": order_id}
+                    request.state.paynode = {"unified_payload": unified_payload, "orderId": order_id}
                     return await call_next(request)
                 else:
                     err = result.get("error")

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk/verifier.py

@@ -3,7 +3,7 @@ import time
 import logging
 from concurrent.futures import ThreadPoolExecutor, as_completed
 from .errors import ErrorCode, PayNodeException
-from .constants import ACCEPTED_TOKENS, MIN_PAYMENT_AMOUNT
+from .constants import ACCEPTED_TOKENS, MIN_PAYMENT_AMOUNT, PAYNODE_ROUTER_ABI
 from .idempotency import MemoryIdempotencyStore
 from web3 import Web3
 from eth_account import Account
@@ -55,6 +55,15 @@ class PayNodeVerifier:
         Routes to verify_onchain_payment or verify_transfer_with_authorization (eip3009).
         """
         try:
+            # 1. Double-check Protocol Dust Limit (>= 1000)
+            expected_amount = int(expected.get("amount", 0))
+            if expected_amount < MIN_PAYMENT_AMOUNT:
+                 return {"isValid": False, "error": PayNodeException(ErrorCode.amount_too_low)}
+
+            # 2. Security: Token Whitelist Check
+            if self.accepted_tokens and expected.get("tokenAddress", "").lower() not in self.accepted_tokens:
+                return {"isValid": False, "error": PayNodeException(ErrorCode.token_not_accepted, message=f"Token {expected.get('tokenAddress')} not allowed")}
+
             payload_type = unified_payload.get("type")
             actual_payload = unified_payload.get("payload", {})
             order_id = unified_payload.get("orderId")
@@ -105,16 +114,21 @@ class PayNodeVerifier:
         if receipt.get("status") == 0:
             return {"isValid": False, "error": PayNodeException(ErrorCode.transaction_failed)}
 
-        router_abi = [{"anonymous": False, "inputs": [{"indexed": True, "name": "merchant", "type": "address"}, {"indexed": True, "name": "token", "type": "address"}, {"indexed": False, "name": "amount", "type": "uint256"}, {"indexed": True, "name": "orderId", "type": "bytes32"}, {"indexed": False, "name": "chainId", "type": "uint256"}], "name": "PaymentReceived", "type": "event"}]
-        contract = self.w3.eth.contract(address=Web3.to_checksum_address(self.contract_address), abi=router_abi)
+        contract = self.w3.eth.contract(address=Web3.to_checksum_address(self.contract_address), abi=PAYNODE_ROUTER_ABI)
         
+        # 1. Check if the router was even involved (against 'WrongContract' vs 'InvalidReceipt')
+        # Filter logs for current contract
+        relevant_logs = [log for log in receipt.get("logs", []) if log.get("address", "").lower() == self.contract_address.lower()]
+        if not relevant_logs:
+             return {"isValid": False, "error": PayNodeException(ErrorCode.wrong_contract, message="Transaction did not interact with the expected PayNodeRouter contract")}
+
         try:
-            logs = await asyncio.to_thread(contract.events.PaymentReceived().process_receipt, receipt)
+            processed_logs = await asyncio.to_thread(contract.events.PaymentReceived().process_receipt, {"logs": relevant_logs})
         except Exception:
              return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt)}
 
-        if not logs:
-             return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="No PaymentReceived event found")}
+        if not processed_logs:
+             return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="No PaymentReceived event found in router logs")}
 
         merchant = expected.get("merchantAddress", "").lower()
         token = expected.get("tokenAddress", "").lower()
@@ -122,16 +136,24 @@ class PayNodeVerifier:
         order_id_bytes = self.w3.keccak(text=expected.get("orderId", ""))
 
         valid_log_found = False
-        for log in logs:
+        order_id_mismatch_found = False
+        for log in processed_logs:
             args = log.args
-            if (args.get("merchant", "").lower() == merchant and
-                args.get("token", "").lower() == token and
-                args.get("amount", 0) >= amount and
-                args.get("orderId") == order_id_bytes):
-                valid_log_found = True
-                break
+            is_merchant_match = args.get("merchant", "").lower() == merchant
+            is_token_match = args.get("token", "").lower() == token
+            is_amount_match = args.get("amount", 0) >= amount
+            is_order_match = args.get("orderId") == order_id_bytes
+
+            if is_merchant_match and is_token_match and is_amount_match:
+                if is_order_match:
+                    valid_log_found = True
+                    break
+                else:
+                    order_id_mismatch_found = True
         
         if not valid_log_found:
+             if order_id_mismatch_found:
+                 return {"isValid": False, "error": PayNodeException(ErrorCode.order_mismatch, message="Payment log found but orderId does not match")}
              return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Payment event data mismatch")}
 
         if self.store:
@@ -218,7 +240,9 @@ class PayNodeVerifier:
                 "message": auth_msg
             }
 
-            recovered_address = Account.recover_typed_data(structured_data, signature=signature)
+            from eth_account.messages import encode_typed_data
+            signable_msg = encode_typed_data(full_message=structured_data)
+            recovered_address = Account.recover_message(signable_msg, signature=signature)
 
             if recovered_address.lower() != auth["from"].lower():
                 return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Invalid signature")}
@@ -261,19 +285,17 @@ class PayNodeVerifier:
 
             # Concurrent RPC calls
             try:
-                def call_rpc():
-                    balance = token_contract.functions.balanceOf(authorizer_address).call()
-                    is_used = token_contract.functions.authorizationState(authorizer_address, nonce_bytes).call()
-                    return balance, is_used
-
-                balance, is_nonce_used_on_chain = await asyncio.to_thread(call_rpc)
+                balance, is_nonce_used_on_chain = await asyncio.gather(
+                    asyncio.to_thread(token_contract.functions.balanceOf(authorizer_address).call),
+                    asyncio.to_thread(token_contract.functions.authorizationState(authorizer_address, nonce_bytes).call)
+                )
             except Exception as e:
-                # If RPC fails (e.g. mock token doesn't support authorizationState), fallback or fail
                 logger.warning(f"RPC state check failed for token {token_addr}: {e}")
-                # We still keep the local idempotency check. For safety, we return true if balance is not checkable? 
-                # No, JS implementation fallbacks to 0 balance and False nonce.
-                balance = payload_value # Optimistic if check fails? No, let's follow JS more closely but be safe.
-                is_nonce_used_on_chain = False
+                if self.store: await self.store.delete(nonce)
+                return {
+                    "isValid": False, 
+                    "error": PayNodeException(ErrorCode.rpc_error, message=f"Cannot verify on-chain state: {e}")
+                }
 
             if balance < payload_value:
                 if self.store: await self.store.delete(nonce)

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk/webhook.py

@@ -3,7 +3,7 @@ PayNode Webhook Notifier — monitors on-chain PaymentReceived events
 and delivers structured webhook POSTs to a merchant's endpoint.
 
 Features:
-- HMAC-SHA256 signature for authenticity (header: x-paynode-signature)
+- HMAC-SHA256 signature for authenticity (header: X-402-Signature)
 - Configurable polling interval
 - Automatic retry with exponential backoff (3 attempts)
 - Async-first design
@@ -73,7 +73,7 @@ class PayNodeWebhookNotifier:
     Usage:
         notifier = PayNodeWebhookNotifier(
             rpc_url="https://mainnet.base.org",
-            contract_address="0x92e20164FC457a2aC35f53D06268168e6352b200",
+            contract_address="0x4A73696ccF76E7381b044cB95127B3784369Ed63",
             webhook_url="https://myshop.com/api/paynode-webhook",
             webhook_secret="whsec_mysecretkey123",
         )
@@ -201,9 +201,9 @@ class PayNodeWebhookNotifier:
 
         headers = {
             "Content-Type": "application/json",
-            "x-paynode-signature": f"sha256={signature}",
-            "x-paynode-event": "payment.received",
-            "x-paynode-delivery-id": f"{event.tx_hash}-{attempt}",
+            "X-402-Signature": f"sha256={signature}",
+            "X-402-Event": "payment.received",
+            "X-402-Delivery-Id": f"{event.tx_hash}-{attempt}",
             **self.custom_headers,
         }
 

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0/paynode_sdk_python.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: paynode-sdk-python
-Version: 2.0.0
+Version: 2.1.0
 Summary: PayNode Protocol Python SDK for AI Agents
 Author-email: PayNodeLabs <contact@paynode.dev>
 License: MIT
@@ -54,7 +54,7 @@ response = agent.request_gate("https://api.merchant.com/premium-data", method="P
 print(response.json())
 ```
 
-### Key Features (v2.0)
+### Key Features (v2.1)
 - **EIP-3009 Support**: Sign payments off-chain using `TransferWithAuthorization`, allowing for gasless or relayer-mediated settlement.
 - **X402 V2 Protocol**: JSON-based handshake for more structured and machine-readable payment instructions.
 - **Dual Flow**: Automatic fallback to V1 (on-chain receipts) for legacy merchant support.

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/paynode_sdk_python.egg-info/SOURCES.txt

@@ -15,5 +15,6 @@ paynode_sdk_python.egg-info/dependency_links.txt
 paynode_sdk_python.egg-info/requires.txt
 paynode_sdk_python.egg-info/top_level.txt
 tests/test_client.py
+tests/test_concurrency.py
 tests/test_internals.py
 tests/test_verifier_logic.py

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "paynode-sdk-python"
-version = "2.0.0"
+version = "2.1.0"
 description = "PayNode Protocol Python SDK for AI Agents"
 readme = "README.md"
 authors = [{ name = "PayNodeLabs", email = "contact@paynode.dev" }]

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/tests/test_client.py

@@ -9,7 +9,7 @@ from paynode_sdk import PayNodeAgentClient, PayNodeException, ErrorCode
 MOCK_PRIVATE_KEY = "0x" + "1" * 64
 MOCK_RPC = "https://sepolia.base.org"
 MOCK_MERCHANT = "0xMerchantWalletAddress789"
-MOCK_TOKEN = "0x109AEddD656Ed2761d1e210E179329105039c784"
+MOCK_TOKEN = "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0"
 MOCK_ROUTER = "0xPayNodeRouterAddress123"
 MOCK_ORDER_ID = "order_12345"
 MOCK_TX_HASH = "0x6f3e1a0000000000000000000000000000000000000000000000000000000000"
@@ -93,7 +93,7 @@ def test_dust_limit_protection(client):
     }
     
     with pytest.raises(PayNodeException) as exc:
-        client._handle_x402_v2(v2_req)
+        client._handle_x402_v2("http://example.com", v2_req)
     assert exc.value.code == ErrorCode.amount_too_low
 
 def test_rpc_failover_logic():

paynode_sdk_python-2.1.0/tests/test_concurrency.py

@@ -0,0 +1,75 @@
+import asyncio
+import pytest
+from unittest.mock import MagicMock, patch
+from paynode_sdk import PayNodeVerifier, ErrorCode
+
+@pytest.fixture
+def verifier():
+    with patch('paynode_sdk.verifier.Web3') as mock_w3:
+        mock_instance = mock_w3.return_value
+        mock_instance.is_connected.return_value = True
+        mock_instance.eth = MagicMock()
+        return PayNodeVerifier(
+            rpc_urls="http://localhost",
+            contract_address="0x" + "a" * 40,
+            chain_id=84532
+        )
+
+@pytest.mark.asyncio
+async def test_concurrent_double_spend_eip3009(verifier):
+    """
+    Simultaneously triggers multiple verification requests with the same nonce.
+    Ensures only ONE succeeds and the others fail with duplicate_transaction.
+    """
+    mock_from = "0x" + "b" * 40
+    mock_to = "0x" + "c" * 40
+    mock_nonce = "0x" + "d" * 64
+    mock_amount = 2000
+    mock_token = "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0"
+
+    payload = {
+        "signature": "0x" + "1" * 130,
+        "authorization": {
+            "from": mock_from,
+            "to": mock_to,
+            "value": str(mock_amount),
+            "validAfter": "0",
+            "validBefore": "9999999999",
+            "nonce": mock_nonce
+        }
+    }
+
+    # 1. Mock Signature Recovery
+    with patch('paynode_sdk.verifier.Account.recover_message') as mock_recover:
+        mock_recover.return_value = mock_from
+
+        # 2. Mock RPC State (Valid balance, Not used on-chain)
+        # In verifier.py, these are called via token_contract.functions.X.call()
+        mock_contract = MagicMock()
+        mock_contract.functions.balanceOf().call.return_value = 5000
+        mock_contract.functions.authorizationState().call.return_value = False
+        verifier.w3.eth.contract.return_value = mock_contract
+
+        # 3. Simulate High Concurrency (10 simultaneous requests)
+        tasks = []
+        for _ in range(10):
+            tasks.append(verifier.verify_transfer_with_authorization(
+                mock_token,
+                payload,
+                {"to": mock_to, "value": mock_amount}
+            ))
+
+        results = await asyncio.gather(*tasks)
+
+        # 4. Analyze Results
+        success_count = sum(1 for r in results if r["isValid"] is True)
+        duplicate_count = sum(1 for r in results if (
+            r["isValid"] is False and 
+            r["error"].code == ErrorCode.duplicate_transaction
+        ))
+
+        # EXACTLY ONE should be valid
+        assert success_count == 1, f"Expected 1 success, got {success_count}"
+        # THE OTHER 9 should be duplicates
+        assert duplicate_count == 9, f"Expected 9 duplicates, got {duplicate_count}"
+        assert len(results) == 10

{paynode_sdk_python-2.0.0 → paynode_sdk_python-2.1.0}/tests/test_internals.py

@@ -79,7 +79,7 @@ def test_handle_402_decision_logic(client):
         'accepts': [{
             'type': 'onchain',
             'network': 'eip155:84532',
-            'asset': "0x109AEddD656Ed2761d1e210E179329105039c784",
+            'asset': "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
             'amount': '2000',
             'payTo': "0xMerchant",
             'router': "0xRouter"
@@ -89,11 +89,11 @@ def test_handle_402_decision_logic(client):
     # Case 1: Sufficient allowance -> calls pay
     with patch.object(client, '_get_allowance', return_value=5000), \
          patch.object(client, 'pay', return_value="0xHashPay") as mock_pay:
-        client._handle_x402_v2(requirements)
+        client._handle_x402_v2("http://example.com", requirements)
         mock_pay.assert_called_once()
         
     # Case 2: Insufficient allowance -> calls pay_with_permit
     with patch.object(client, '_get_allowance', return_value=0), \
          patch.object(client, 'pay_with_permit', return_value="0xHashPermit") as mock_permit:
-        client._handle_x402_v2(requirements)
+        client._handle_x402_v2("http://example.com", requirements)
         mock_permit.assert_called_once()

paynode_sdk_python-2.1.0/tests/test_verifier_logic.py

@@ -0,0 +1,282 @@
+import pytest
+from unittest.mock import MagicMock, patch
+from web3 import Web3
+from paynode_sdk import PayNodeVerifier, ErrorCode, PayNodeException
+
+@pytest.fixture
+def verifier():
+    with patch('paynode_sdk.verifier.Web3') as mock_w3:
+        mock_instance = mock_w3.return_value
+        mock_instance.is_connected.return_value = True
+        # Mock eth provider structure
+        mock_instance.eth = MagicMock()
+        mock_instance.keccak.side_effect = Web3.keccak
+        return PayNodeVerifier(
+            rpc_urls="http://localhost",
+            contract_address="0x" + "a" * 40,
+            chain_id=84532
+        )
+
+@pytest.mark.asyncio
+async def test_verify_payment_invalid_receipt(verifier):
+    """Checks handling of missing transaction receipt."""
+    verifier.w3.eth.get_transaction_receipt.return_value = None
+    result = await verifier.verify_onchain_payment("0xHash", {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000
+    })
+    assert result["isValid"] is False
+    assert result["error"].code == ErrorCode.transaction_not_found
+
+@pytest.mark.asyncio
+async def test_verify_payment_wrong_contract(verifier):
+    """Checks rejection of logs from unauthorized contract addresses or no logs."""
+    mock_receipt = {"id": "0x123", "status": 1, "logs": []}
+    
+    # Mock behavior of process_receipt when no logs are provided
+    mock_contract = MagicMock()
+    mock_contract.events.PaymentReceived().process_receipt.return_value = [] # No valid logs
+    verifier.w3.eth.contract.return_value = mock_contract
+    verifier.w3.eth.get_transaction_receipt.return_value = mock_receipt
+    
+    payload = {"type": "onchain", "payload": {"txHash": "0xHash"}}
+    result = await verifier.verify(payload, {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000
+    })
+    assert result["isValid"] is False
+    assert result["error"].code == ErrorCode.wrong_contract
+
+@pytest.mark.asyncio
+async def test_dust_limit_rejection(verifier):
+    """Checks rejection of dust payments (<1000 atomic units)."""
+    # Test through unify verify() endpoint
+    payload = {
+        "type": "onchain",
+        "orderId": "test-dust",
+        "payload": {"txHash": "0xHash"}
+    }
+    result = await verifier.verify(payload, {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 500  # Below 1000
+    })
+    assert result["isValid"] is False
+    assert result["error"].code == ErrorCode.amount_too_low
+
+@pytest.mark.asyncio
+async def test_verify_payment_non_whitelisted_token(verifier):
+    """Checks rejection of non-whitelisted tokens."""
+    # verifier.accepted_tokens is initialized based on chain_id 84532 or default
+    payload = {"type": "onchain", "payload": {"txHash": "0xHash"}}
+    result = await verifier.verify(payload, {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x" + "f" * 40, # Random non-whitelisted token
+        "amount": 2000
+    })
+    assert result["isValid"] is False
+    assert result["error"].code == ErrorCode.token_not_accepted
+@pytest.mark.asyncio
+async def test_verify_payment_order_mismatch(verifier):
+    """Checks ErrorCode.order_mismatch when PaymentReceived log found but orderId doesn't match."""
+    # 🧪 Prepare logs that match merchant/token/amount but have WRONG orderId
+    mock_log = MagicMock()
+    mock_log.args = {
+        "merchant": "0xMerchant",
+        "token": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000,
+        "orderId": b"wrong_order_id_bytes_32" # Does not match expected (which will be keccak('test-order'))
+    }
+    
+    mock_contract = MagicMock()
+    mock_contract.events.PaymentReceived().process_receipt.return_value = [mock_log]
+    
+    # Setup w3 mocks
+    verifier.w3.eth.contract.return_value = mock_contract
+    verifier.w3.eth.get_transaction_receipt.return_value = {
+        "status": 1, 
+        "logs": [{"address": verifier.contract_address.lower()}] # At least one log to trigger WrongContract check passing
+    }
+    
+    payload = {
+        "type": "onchain", 
+        "orderId": "test-order",
+        "payload": {"txHash": "0xHash"}
+    }
+    result = await verifier.verify(payload, {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000
+    })
+    
+    assert result["isValid"] is False
+    assert result["error"].code == ErrorCode.order_mismatch
+
+@pytest.mark.asyncio
+async def test_verify_valid_payment(verifier):
+    """Checks success path for on-chain payment."""
+    mock_log = MagicMock()
+    mock_log.args = {
+        "merchant": "0xMerchant",
+        "token": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000,
+        "orderId": Web3.keccak(text="test-order")
+    }
+    
+    mock_contract = MagicMock()
+    mock_contract.events.PaymentReceived().process_receipt.return_value = [mock_log]
+    verifier.w3.eth.contract.return_value = mock_contract
+    verifier.w3.eth.get_transaction_receipt.return_value = {
+        "status": 1,
+        "logs": [{"address": verifier.contract_address.lower()}]
+    }
+    
+    payload = {
+        "type": "onchain",
+        "orderId": "test-order",
+        "payload": {"txHash": "0xValidHash"}
+    }
+    result = await verifier.verify(payload, {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000
+    })
+    assert result["isValid"] is True
+
+@pytest.mark.asyncio
+async def test_duplicate_transaction(verifier):
+    """Checks idempotency by ensuring the same hash cannot be verified twice."""
+    mock_log = MagicMock()
+    mock_log.args = {
+        "merchant": "0xMerchant",
+        "token": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000,
+        "orderId": Web3.keccak(text="test-order")
+    }
+    mock_contract = MagicMock()
+    mock_contract.events.PaymentReceived().process_receipt.return_value = [mock_log]
+    verifier.w3.eth.contract.return_value = mock_contract
+    verifier.w3.eth.get_transaction_receipt.return_value = {
+        "status": 1,
+        "logs": [{"address": verifier.contract_address.lower()}]
+    }
+
+    payload = {"type": "onchain", "orderId": "test-order", "payload": {"txHash": "0xDup"}}
+    # Manual set to simulate previous success
+    await verifier.store.check_and_set("0xDup", 86400)
+    
+    result = await verifier.verify(payload, {
+        "merchantAddress": "0xMerchant",
+        "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0",
+        "amount": 2000
+    })
+    assert result["isValid"] is False
+    assert result["error"].code == ErrorCode.duplicate_transaction
+
+@pytest.mark.asyncio
+async def test_verify_eip3009_valid(verifier):
+    """Checks success path for EIP-3009 (Transfer with Authorization)."""
+    from eth_account import Account
+    
+    # Setup test account
+    priv_key = "0x" + "1" * 64
+    account = Account.from_key(priv_key)
+    from_addr = account.address
+    to_addr = "0x" + "3" * 40
+    token_addr = "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0"
+    nonce = "0x" + "2" * 64
+    
+    auth = {
+        "from": from_addr,
+        "to": to_addr,
+        "value": 2000,
+        "validAfter": 0,
+        "validBefore": 2000000000,
+        "nonce": nonce
+    }
+    
+    # Mock chain_id
+    verifier.chain_id = 84532
+    
+    # Mock RPC state calls
+    mock_token = MagicMock()
+    mock_token.functions.balanceOf().call.return_value = 5000
+    mock_token.functions.authorizationState().call.return_value = False
+    verifier.w3.eth.contract.return_value = mock_token
+    
+    # Sign payload
+    domain = {
+        "name": "USD Coin",
+        "version": "2",
+        "chainId": 84532,
+        "verifyingContract": Web3.to_checksum_address(token_addr)
+    }
+    types = {
+        "EIP712Domain": [
+            {"name": "name", "type": "string"},
+            {"name": "version", "type": "string"},
+            {"name": "chainId", "type": "uint256"},
+            {"name": "verifyingContract", "type": "address"},
+        ],
+        "TransferWithAuthorization": [
+            {"name": "from", "type": "address"},
+            {"name": "to", "type": "address"},
+            {"name": "value", "type": "uint256"},
+            {"name": "validAfter", "type": "uint256"},
+            {"name": "validBefore", "type": "uint256"},
+            {"name": "nonce", "type": "bytes32"},
+        ]
+    }
+    structured_data = {
+        "types": types,
+        "domain": domain,
+        "primaryType": "TransferWithAuthorization",
+        "message": auth
+    }
+    # Fix: Use full_message to match the SDK expectation
+    from eth_account.messages import encode_typed_data
+    signable_msg = encode_typed_data(full_message=structured_data)
+    signature = account.sign_message(signable_msg).signature.hex()
+    
+    payload = {
+        "type": "eip3009",
+        "payload": {
+            "signature": signature,
+            "authorization": auth
+        }
+    }
+    
+    result = await verifier.verify(payload, {
+        "merchantAddress": to_addr,
+        "tokenAddress": token_addr,
+        "amount": 2000
+    })
+    
+    assert result["isValid"] is True
+
+@pytest.mark.asyncio
+async def test_verify_eip3009_insufficient_balance(verifier):
+    """Checks EIP-3009 failure due to low authorizer balance."""
+    # Use valid hex for nonce
+    nonce = "0x" + "f" * 64
+    from_addr = "0x" + "d" * 40
+    to_addr = "0x" + "e" * 40
+    auth = {
+        "from": from_addr, "to": to_addr, "value": 2000, "validAfter": 0, "validBefore": 2000000000, "nonce": nonce
+    }
+    # Mock low balance
+    mock_token = MagicMock()
+    mock_token.functions.balanceOf().call.return_value = 500 # Less than 2000
+    mock_token.functions.authorizationState().call.return_value = False
+    verifier.w3.eth.contract.return_value = mock_token
+    
+    # Skip signature check by wrapping the inner logic or mocking recover
+    with patch('eth_account.Account.recover_message', return_value=from_addr):
+        payload = {"type": "eip3009", "payload": {"signature": "0x" + "s" * 130, "authorization": auth}}
+        result = await verifier.verify(payload, {
+            "merchantAddress": to_addr, "tokenAddress": "0x65c088EfBDB0E03185Dbe8e258Ad0cf4Ab7946b0", "amount": 2000
+        })
+        assert result["isValid"] is False
+        assert result["error"].code == ErrorCode.insufficient_funds

paynode_sdk_python-2.0.0/paynode_sdk/constants.py

@@ -1,35 +0,0 @@
-# Generated by scripts/sync-config.py
-PAYNODE_ROUTER_ADDRESS = "0x4A73696ccF76E7381b044cB95127B3784369Ed63"
-PAYNODE_ROUTER_ADDRESS_SANDBOX = "0x24cD8b68aaC209217ff5a6ef1Bf55a59f2c8Ca6F"
-BASE_USDC_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
-BASE_USDC_ADDRESS_SANDBOX = "0x109AEddD656Ed2761d1e210E179329105039c784"
-BASE_USDC_DECIMALS = 6
-
-PROTOCOL_TREASURY = "0x598bF63F5449876efafa7b36b77Deb2070621C0E"
-PROTOCOL_FEE_BPS = 100
-MIN_PAYMENT_AMOUNT = 1000
-
-BASE_RPC_URLS = ["https://mainnet.base.org", "https://base.meowrpc.com", "https://1rpc.io/base"]
-BASE_RPC_URLS_SANDBOX = ["https://sepolia.base.org", "https://base-sepolia-rpc.publicnode.com"]
-
-ACCEPTED_TOKENS = {
-    8453: ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
-    84532: ["0x109AEddD656Ed2761d1e210E179329105039c784"]
-}
-
-PAYNODE_ROUTER_ABI = [
-    {
-        "anonymous": False,
-        "inputs": [
-            {"indexed": True, "name": "orderId", "type": "bytes32"},
-            {"indexed": True, "name": "merchant", "type": "address"},
-            {"indexed": True, "name": "payer", "type": "address"},
-            {"indexed": False, "name": "token", "type": "address"},
-            {"indexed": False, "name": "amount", "type": "uint256"},
-            {"indexed": False, "name": "fee", "type": "uint256"},
-            {"indexed": False, "name": "chainId", "type": "uint256"}
-        ],
-        "name": "PaymentReceived",
-        "type": "event"
-    }
-]

paynode_sdk_python-2.0.0/tests/test_verifier_logic.py

@@ -1,71 +0,0 @@
-import pytest
-from unittest.mock import MagicMock, patch
-from web3 import Web3
-from paynode_sdk import PayNodeVerifier, ErrorCode, PayNodeException
-
-@pytest.fixture
-def verifier():
-    with patch('paynode_sdk.verifier.Web3') as mock_w3:
-        mock_instance = mock_w3.return_value
-        mock_instance.is_connected.return_value = True
-        # Mock eth provider structure
-        mock_instance.eth = MagicMock()
-        mock_instance.keccak.side_effect = Web3.keccak
-        return PayNodeVerifier(
-            rpc_urls="http://localhost",
-            contract_address="0x" + "a" * 40,
-            chain_id=84532
-        )
-
-@pytest.mark.asyncio
-async def test_verify_payment_invalid_receipt(verifier):
-    """Checks handling of missing transaction receipt."""
-    verifier.w3.eth.get_transaction_receipt.return_value = None
-    result = await verifier.verify_onchain_payment("0xHash", {
-        "merchantAddress": "0xMerchant",
-        "tokenAddress": "0x109AEddD656Ed2761d1e210E179329105039c784",
-        "amount": 2000
-    })
-    assert result["isValid"] is False
-    assert result["error"].code == ErrorCode.transaction_not_found
-
-@pytest.mark.asyncio
-async def test_verify_payment_wrong_contract(verifier):
-    """Checks rejection of logs from unauthorized contract addresses or no logs."""
-    mock_receipt = {"id": "0x123", "status": 1, "logs": []}
-    
-    # Mock behavior of process_receipt when no logs are provided
-    mock_contract = MagicMock()
-    mock_contract.events.PaymentReceived().process_receipt.return_value = [] # No valid logs
-    verifier.w3.eth.contract.return_value = mock_contract
-    verifier.w3.eth.get_transaction_receipt.return_value = mock_receipt
-    
-    result = await verifier.verify_onchain_payment("0xHash", {
-        "merchantAddress": "0xMerchant",
-        "tokenAddress": "0x109AEddD656Ed2761d1e210E179329105039c784",
-        "amount": 2000
-    })
-    assert result["isValid"] is False
-    assert result["error"].code == ErrorCode.invalid_receipt
-
-@pytest.mark.asyncio
-async def test_dust_limit_rejection(verifier):
-    """Checks rejection of dust payments (<1000 atomic units)."""
-    # Verifier itself doesn't check MIN_PAYMENT_AMOUNT in verify_onchain_payment 
-    # but the construction of payload in verify() might.
-    # We'll test the unified entry point.
-    payload = {
-        "type": "onchain",
-        "orderId": "test",
-        "payload": {"txHash": "0xHash"}
-    }
-    result = await verifier.verify(payload, {
-        "merchantAddress": "0xMerchant",
-        "tokenAddress": "0xToken",
-        "amount": 500  # Below 1000
-    })
-    # Since verifier.py doesn't currently check MIN_PAYMENT_AMOUNT in verify() either, 
-    # this test might fail or we should add the check to verifier.py.
-    # The Client implements it, let's see if Verifier should too.
-    # For now, let's just make it call the valid method.
-    pass