Skip to content

pull in latest upstream#2

Open
TtheBC01 wants to merge 761 commits into
1Shot-API:mainfrom
x402-foundation:main
Open

pull in latest upstream#2
TtheBC01 wants to merge 761 commits into
1Shot-API:mainfrom
x402-foundation:main

Conversation

@TtheBC01

Copy link
Copy Markdown

Description

Tests

Checklist

  • I have formatted and linted my code
  • All new and existing tests pass
  • My commits are signed (required for merge) -- you may need to rebase if you initially pushed unsigned commits
  • I added a changelog fragment for user-facing changes (docs-only changes can skip)

phdargen and others added 18 commits April 16, 2026 02:41
#1968)

Set expectations for AI-generated contributions: require human review
before requesting PR review, remove verbosity and redundancy, verify
payment/signing correctness against specs, and disclose significant AI
usage. Include a sample system prompt for AI coding agents (Claude Code,
Codex, Cursor) that aligns agent output with x402 contribution standards.

Inspired by Neovim's AI-assisted work guidelines, adapted for x402's
security-sensitive payment infrastructure context.
* feat: add upto to python SDK

* feat: add unit & integration tests

* feat: add upto python clients/servers/facilitator to e2e suite

* initial cleanup

* implement partial settlement

* improve parity with ts/go

* better parity and fix tests

* fix(python): sort imports and format test file to pass ruff lint

New error constants were appended after ERR_UNSUPPORTED_SCHEME instead
of in alphabetical order, causing I001 (import block un-sorted).

Made-with: Cursor

* add comment to e2e tests

* fix failing integration test

* changelog

* fix changelog name

---------

Co-authored-by: Ethan Oroshiba <ethan.oroshiba@gmail.com>
Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* fix: scientific notation price conversion bug

* fix: simplified changeset fragment description

* fix: generalized solution
* map errors

* fix ci

* update python

* fix python ci
…2049)

* docs: add Documentation Checklist + surface chain-contribution flow

DEFAULT_ASSETS.md's 'Adding a New Chain' numbered flow stopped at 'Update
all three SDKs' → 'Submit a PR' and did not mention the user-facing docs
surfaces that also enumerate every chain with default-asset support. As a
result, recent onboarding PRs have shipped with stale docs (e.g. the
Radius PR #2038 updated the SDKs but not the docs table or Go README).
The existing Cross-SDK Checklist at the bottom enumerates only the three
code registries, mirroring the same gap.

network-and-token-support.mdx has a parallel discoverability problem:
the pointer to DEFAULT_ASSETS.md used a repo-relative path that resolves
to a broken link on docs.x402.org, and the pointer sat inside the
'Default Assets for Dollar-String Pricing' intro rather than under
'Adding Support for New Networks' where a would-be contributor actually
looks. The 'Adding' section itself described only runtime registration
(server.register from consumer code) and did not mention the separate
upstream-contribution path, and it also contained a 'Running Your Own
Facilitator' subsection that is about facilitator infrastructure, not
about adding networks — a topical mismatch. The page also ordered the
'Facilitators' section before 'Adding Support for New Networks', which
inverts the natural read → use → extend → operate narrative.

Changes:

  * DEFAULT_ASSETS.md:
      - Promote 'Update user-facing documentation' to a numbered step in
        'Adding a New Chain' (new step 3, between 'Update all three SDKs'
        and 'Submit a PR'), with a cross-reference to the new checklist.
      - Append a new 'Documentation Checklist' section below the existing
        Cross-SDK Checklist, naming the two hot docs surfaces
        (network-and-token-support.mdx and go/mechanisms/evm/README.md)
        that must also be updated on a new chain onboarding.

  * docs/core-concepts/network-and-token-support.mdx:
      - Remove the oddly-placed 'See DEFAULT_ASSETS.md' link from the
        Dollar-String Pricing intro; replace with an in-page anchor
        pointing at the new contribution subsection.
      - Split 'Adding Support for New Networks' into two subsections:
        'Runtime Registration' (the existing content, unchanged) and
        a new 'Contributing a New Default Asset' subsection that links
        to DEFAULT_ASSETS.md via an absolute github.com URL (so the
        link works on the published docs site) and explicitly names
        the cross-SDK + docs checklist.
      - Move 'Running Your Own Facilitator' out of 'Adding Support for
        New Networks' into the existing 'Facilitators' section, where
        it belongs topically.
      - Swap top-level section order: 'Adding Support for New Networks'
        now precedes 'Facilitators', matching the read → use → extend →
        operate narrative.

No code changes. Documentation only.

* docs: revert DEFAULT_ASSETS.md, unify SDK READMEs to link docs

Address review feedback: the Mintlify agent (.github/workflows/update-docs.yml)
keeps docs/ in sync with code, so contributors should only update the three SDK
constants files. Remove the Documentation Checklist and Step 3 from
DEFAULT_ASSETS.md. Apply a consistent two-link block to all three SDK READMEs
(Go/TS/Python) pointing at the mdx default-assets list and the mdx
Adding Support for New Networks section. Soften the mdx Contributing a New
Default Asset blurb to drop manual mdx/README update instructions.
…lable packages (#1978)

* docs: add npm badge with package version (Typescript + Chains)

* docs: create `README.md` under `typescript/` with full list of available packages

* docs: improve top README for installation instructions per language

* docs: separate code inputs to enable to copy / paste easily

* docs: add missing packages in installation command

* docs: break down and group package installation list for readability

* docs: add badges for packages around Algorand and Fastify
… Go SDKs (#2087)

* add mcp discovery support

* ci fixes and changelog

* rename changelog

* fix failing test

* fail in TS on transport mismatch, return extension info on settlement failure in python

* add e2e

* fix mcp payment payload parsing

* fix python parsing

* add transport to examples and docs
mintlify Bot and others added 30 commits June 26, 2026 09:33
Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* feat(concordium): exact mechanism implementation

* feat(concordium): align exact impl with spec + examples

* fix(concordium): address exact mechanism review

* style(concordium): format advanced example readmes

* feat(concordium): add shared e2e testnet coverage

* test(concordium): fix offline facilitator signer mock

* build(typescript): fix x402 CI validation

* fix(concordium): address all PR #2390 review comments

- Build fix: cast ccdNetwork as Network in all_networks.ts (#29)
- v2-only: getRequiredAmount() returns requirements.amount directly (#22)
- Remove offline e2e test (#4)
- Add defaultMoneyConversion() for Concordium native CCD (#8/#35)
- Private key support: new overload accepting hex-encoded Ed25519 key (#11/#19)
- Client runtime: traced createPaymentPayload path, all guards correct (#30)
- Tx simulation: addressed as chain limitation, preflightLikelyToSucceed correct (#3)
- Fix lint: JSDoc completeness for signer overloads, unused param naming

* fix(concordium): update e2e facilitator and integration tests for private key support

- e2e facilitator: support CCD_FACILITATOR_PRIVATE_KEY + CCD_FACILITATOR_ADDRESS
  env vars as preferred path, with wallet export as fallback
- e2e test.config.json: add new CCD env vars to optional list
- Integration tests: support CONCORDIUM_CLIENT_PRIVATE_KEY + CONCORDIUM_CLIENT_ADDRESS
  and CONCORDIUM_FACILITATOR_PRIVATE_KEY + CONCORDIUM_FACILITATOR_ADDRESS
  as alternatives to wallet export files
- Fix integration test expectations: asset field is 'CCD' for native CCD
  (matches actual parseAssetAmount/defaultMoneyConversion behavior)
- Fix AssetAmount pass-through test: amount is converted to atomic units

* fix(concordium): remove sponsor_as_recipient safety check

The check blocked the standard x402 deployment model where the service
provider runs both the facilitator (sponsoring gas) and the server
(receiving payment). No other mechanism (EVM, SVM, Aptos, Hedera,
Stellar, TVM) has this restriction.

Verified with on-chain integration tests:
- wallet 1 → wallet 2 (client pays service provider)
- wallet 2 sponsors the transaction
- Both CCD payment flows confirmed on Concordium testnet

* fix(concordium): pass token decimals from server to client for PLT transfers

Server parseAssetAmount now includes decimals in extra, which flows
through PaymentRequirements.extra to the client. Client buildPltTransfer
reads decimals from requirements.extra and uses it in TokenAmount.create
instead of hardcoding 0.

This fixes the invalid_token_amount_decimals error during facilitator
verification of PLT token payments (e.g. EURR with 6 decimals).

Integration tests: 10/10 pass including on-chain EURR transfer.

* fix(e2e): support CCD private key env vars in e2e test runner

Adds CCD_PRIVATE_KEY + CCD_ADDRESS as an alternative to
CCD_WALLET_PATH across the entire e2e stack:

- ClientConfig + FacilitatorConfig types: new optional fields
- GenericClientProxy + GenericFacilitatorProxy: map to env vars
- FacilitatorManager: pass through from process.env
- fetch + axios clients: prefer private key, fall back to wallet
- e2e/test.ts: read new env vars, OR-logic validation for CCD

Backward compatible: wallet export path still works when
private key vars are not set.

* style(concordium): fix lint and format issues

- Fix corrupted JSDoc in _get_tokens.ts
- Add missing @param decimals description in client scheme
- Fix unused decodedPayload param in checkPayloadSafety (rename to _)
- Fix _decodedPayload → decodedPayload in verify() local variable
- Apply prettier formatting to integration test and server scheme

* test(concordium): add USDR PLT token integration test case

* fix: minimize e2e diff — revert refactoring, keep only Concordium additions

Reverted 7 e2e runtime files to upstream2/main baseline and re-applied
only Concordium-specific additions as localized inserts. Zero existing
code touched — EVM, SVM, and all other chains completely unchanged.

Also:
- Restore EVM/SVM to required in all test.config.json files
- Fix missing/extra braces in fastify Keeta/CCD route blocks
- Fix duplicate ProtocolFamily type in networks.ts + types.ts
- Remove trailing newline in DEFAULT_ASSETS.md
- Revert EVM/SVM ! -> || '' in e2e/test.ts
- Hardcode CCD testnet in facilitator example

E2e runtime diff: 305 lines added (was 2,839 — 89% reduction)
Zero Concordium-related tsc errors. All tests passing.

* test(concordium): expand unit + integration coverage — large amounts, unknown token, asset deduplication

- Unit: 106 tests covering buildCcdTransfer, buildPltTransfer, validation, edge cases
- Integration: 32 tests covering happy path, large amounts, non-existent token, asset dedup
- Total: 138 Concordium tests, all green

* fix(concordium): simplify server scheme and fetch token decimals from RPC

- Server scheme: remove registerAsset, getAsset, getSupportedAssets,
  getSupportedSymbols, parseAssetAmount, assetKey, toWholeUnits,
  isAssetAmount, defaultMoneyConversion, CCD_NATIVE, ConcordiumAssetInfo,
  AssetType (291→140 lines)
- AssetAmount pass-through in atomic units, asset field required (throws
  if missing)
- Money (string/number) throws unless money parser registered — no
  silent CCD fallback
- Client: fetch PLT token decimals from gRPC getTokenInfo instead of
  trusting server-provided metadata
- Update unit + integration tests for new scheme behavior

* fix(concordium): replace CCD_WALLET_PATH with private key + address

- e2e: replace CLIENT_CCD_WALLET_PATH/FACILITATOR_CCD_WALLET_PATH with
  CCD_PRIVATE_KEY + CCD_ADDRESS throughout test runner, clients,
  facilitators, and README
- e2e/README.md: remove Concordium offline e2e section
- examples/clients/advanced: CCD_WALLET_PATH → CCD_PRIVATE_KEY +
  CCD_ADDRESS, parseWallet → buildBasicAccountSigner
- examples/servers/advanced/README.md: simplify Concordium testnet
  funding instructions

* docs(concordium): update README and package metadata for new scheme

- README: remove registerAsset() examples, add AssetAmount +
  registerMoneyParser() patterns, update Amount Format section
- README: fix Supported Assets table (PLT decimals token-dependent),
  wildcard description
- typescript/package.json: reorder devDependencies
- e2e/package.json: minor dependency update

* test(concordium): add unit and integration tests for review round 5 gaps

- Server (7 tests): no-decimals leak, money parser chain, asset required, extra preservation
- Facilitator (6 tests): preflight nonce/balance checks, PLT token balance preflight
- Client (3 tests): decimal edge cases (0, 18, large+6)
- Integration (7 tests): null/undefined/empty asset, no-decimals leak, preflight CCD+PLT, large-amount preflight

Addresses D1-D3, E1, O2 from PR #2390 review round 5

* chore: resolve e2e/pnpm-lock.yaml conflict with upstream/main
…2711)

* Update docs/sdk-features.md

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/sdk-features.md

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/schemes/exact.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

---------

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* Update docs/schemes/batch-settlement.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/schemes/batch-settlement.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

---------

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* ccd fast-follow

* fix fmt
* add e2e lockfile check

* regenerate
* updated ccd

* chore: version typescript packages

* fix fmt
* fix parsing

* fix parsing

* chore(go): release
…cross-SDK parity (#2744)

The @x402/evm facilitator and the Go facilitator emitted different error
codes for the identical EIP-3009 check (authorization value != required
amount): Go emits `invalid_exact_evm_payload_authorization_value_mismatch`
(the spec-registered reason), while TS emitted `invalid_exact_evm_authorization_value`,
which is not in the spec error registry and violates the errors.ts header
contract requiring character-for-character parity with the Go constants.
Go's own ErrInvalidAuthorizationValue is defined but never emitted, so the
mismatch code is the only correct reason for this condition.

Separately, the legacy `x402` package validates facilitator responses with
z.enum(ErrorReasons) and was missing this reason, so a TS client rejected
otherwise-valid Python/Go facilitator responses.

- @x402/evm: emit ErrAuthorizationValueMismatch from the EIP-3009 value check; add the constant
- legacy x402: add the reason to ErrorReasons
- tighten the exact-facilitator unit test to assert the emitted code
- changeset (patch)

Closes #2742

AI-assisted: drafted with Claude Code; diff, cross-SDK behavior, and tests verified by me.
* fix labelers

* fix labelers
* feat(typescript): add NEAR reference implementation package

* docs(examples): add NEAR ts examples

* test(e2e): end-to-end coverage for NEAR

confirmed on testnet with mike.testnet and mainnet with mike.near

* chore(typescript): add changeset for NEAR, pnpm lockfile

* ci: add NEAR package publish workflow
* Update docs/sdk-features.md

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/sdk-features.md

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/schemes/exact.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/schemes/exact.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/schemes/overview.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/getting-started/quickstart-for-buyers.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/getting-started/quickstart-for-buyers.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/getting-started/quickstart-for-buyers.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/getting-started/quickstart-for-buyers.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

---------

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* fix e2e runs

* missing files

* fix fmt
* fix #2701

* pr feedback

* pr feedback 2
* spec(xrpl): add exact scheme

* spec(xrpl): address exact scheme review

* spec(xrpl): add assetTransferMethod to select sequence or ticketSequence

Per review feedback, account sequencing is now negotiable via
extra.assetTransferMethod ("sequence" | "ticketSequence"), mirroring the
EVM exact scheme pattern. Documents the tradeoffs (ticket reserve and
TicketCreate preflight vs. the sequence settlement race) and splits the
facilitator sequencing checks per method.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* Update docs/schemes/exact.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/schemes/exact.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

---------

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
* mcp interop fixes

* add changeset
)

facilitator.x402.org has no DNS record (NXDOMAIN), so every quickstart
that copies these snippets fails at the first request. The rest of the
repo (99 references) already uses https://x402.org/facilitator, which
is live and serving /supported.


Claude-Session: https://claude.ai/code/session_018p8jtKC5g7uUMrjGCWksqu

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
… fresh clone (#2791)

* examples/go: add missing .env-example for echo server

* examples/go: simplify payment response handling in http client

The call site duplicated the v2/v1 header lookup that extractPaymentResponse already performs, and parse errors were silently dropped. Use the helper directly and surface parse failures.

* examples/go: tidy modules in echo server and http client examples

SDK dependency bumps were not propagated to the example modules, so neither example builds from a fresh clone (missing go.sum entries). Regenerated with go mod tidy under go1.24.1, the toolchain pinned in go.mod.
* deprecate website

* small fixes

* bring back protected

* fix fmt
* add ts/go readmes

* core + EVM mechanism plumbing

* add extension

* add examples

* fix siwx
* Update docs/sdk-features.md

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/extensions/overview.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/extensions/builder-code.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/extensions/builder-code.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/extensions/builder-code.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

* Update docs/extensions/builder-code.mdx

Generated-By: mintlify-agent

Mintlify-Source: dashboard-editor

---------

Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
…2810)

* fix(python/flask): use sync server in payment_middleware_from_config

The Flask factory instantiated the async x402ResourceServer and handed it
to PaymentMiddleware, which builds x402HTTPResourceServerSync. The sync
HTTP server rejects a server whose verify_payment is a coroutine, so the
factory raised TypeError('requires a sync server') at construction — it
failed 100% of the time and was unusable.

Switch to x402ResourceServerSync, mirroring how the FastAPI factory uses
the async x402ResourceServer for its async server. Regression test added.

* chore(python): changelog fragment for #2810
Add USDC on Igra Network (chain ID 38833) as a default stablecoin
across TypeScript, Go, and Python SDKs. Uses Permit2 transfer method
(no EIP-3009 or EIP-2612 support on the token contract).

Token: 0xA5b8BF902b2844dA17d4506cc827F7F1681735E7 (USDC, 6 decimals)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.