feat: multi-protocol support — unified fetcher + omni-challenge (Phase 1)#143
Merged
feat: multi-protocol support — unified fetcher + omni-challenge (Phase 1)#143
Conversation
Task 1.5: Add PaymentProtocol, ProtocolFlag, and ChainFlag types to @atxp/common. Task 1.6: Refactor ATXPFetcher with strategy pattern for protocol handlers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Task 3.3 — Tempo chain support in SDK: - Add 'tempo' to Chain/Network types in @atxp/common - New @atxp/tempo package: TempoAccount, TempoPaymentMaker - pathUSD token (TIP-20, 6 decimals) with transferWithMemo support - Chain ID 4217 (mainnet), 42431 (testnet/Moderato) Task 3.6 — MPP protocol handler: - New @atxp/mpp package: MPP challenge parsing, MCP error -32042 detection - MPPProtocolHandler in @atxp/client: detects WWW-Authenticate: Payment header and MCP -32042 errors, calls /authorize/mpp, retries with Authorization: Payment credential - protocolFlag='mpp' selects MPP handler from omni-challenge - Graceful fallback when /authorize/mpp is unavailable All 228 tests passing across atxp-common, atxp-tempo, atxp-mpp, atxp-client. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Critical: - Fix native currency to Ether/ETH (matches auth repo) - Fix response body double-consumption bug in MPPProtocolHandler - Add TempoModerato to ChainEnum for testnet support Major: - Decompose handlePaymentChallenge into extractChallenge, buildProspectivePayment, authorizeAndRetry helpers - Decompose makePayment into checkBalance, classifyError helpers - Remove dead SSE check in canHandle Minor: - Lower JWT log level from info to debug - Add testnet support to TempoAccount via chainId parameter - Add vitest.config.ts to atxp-tempo and atxp-mpp packages - Fix unused variable lint error in tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Extract makePayment helpers (encodeTransferData, sendAndConfirm) to bring method under 50-line limit - Consolidate duplicated onPaymentFailure patterns into reportFailure helper in MPP handler - Fix reconstructResponse to preserve original response headers and statusText, matching X402 handler behavior - Remove unused @atxp/common and bignumber.js deps from @atxp/mpp package.json - Add tests for reconstructResponse header preservation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove unused FetchLike import from mppProtocolHandler.ts - Remove unused ProspectivePayment and PaymentFailureContext imports from protocolHandler.test.ts - Replace duplicated MCP error detection in canHandle() with hasMPPMCPError() - Fix unsafe type assertions in classifyError() using instanceof checks Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ch block Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…3.3 + 3.6) feat: Tempo chain support + MPP protocol handler (Tasks 3.3 + 3.6)
Fixes ESLint no-unused-vars error blocking CI on PR #2. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AccountIdDestination doesn't carry a connection token, so server registration was rejected by auth's developerAccountVerifier middleware (missing X-ATXP-TOKEN). Revert to ATXPAccount which provides the token. Also point server at localhost:3010 for local testing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix double response body consumption in MPPProtocolHandler by reading body once upfront in extractChallenge - Fix ATXPProtocolHandler to return null instead of throwing, consistent with the ProtocolHandler strategy pattern contract - Add runtime validation for /authorize/x402 and /authorize/mpp responses to catch missing paymentHeader/credential fields - Replace unsafe `as` casts with type guards for account.origin/token - Add 30s timeout on /authorize/* calls via AbortController - Add tests for invalid auth responses, malformed headers, and ATXP handler strategy pattern compliance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix /authorize/x402 request body: send selectedPaymentRequirements as single object (not the full accepts array) to match accounts Zod schema - Add auth headers (Basic auth with connection token) to /authorize/x402 and /authorize/mpp calls so they pass accounts privyAuth middleware - Don't hardcode 'base' network in selectPaymentRequirements — let x402 library pick the best match from available options - Fix MPP extractChallenge() double body consumption: clone response before reading so both header and MCP-body paths can read independently - Update test mock to handle undefined network parameter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…multi-protocol support
Implements Task 1.7 of the multi-protocol integration plan:
- Server emits omni-challenges containing both ATXP-MCP and X402 payment data
- Credential detection: X-PAYMENT header → X402, ATXP JWT → ATXP-MCP
- ProtocolSettlement routes verify/settle to auth /verify/{protocol} and /settle/{protocol}
- Express middleware: verify at request start, settle at request end
- Omni-challenge formats: HTTP 402 with X402 body + X-ATXP-Payment-Request header (HTTP),
MCP error -30402 with combined data (MCP SSE)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ProtocolSettlement now builds protocol-specific request bodies:
X402 sends { payload, paymentRequirements }, ATXP sends
{ sourceAccountId, destinationAccountId, sourceAccountToken, options }
to match auth service Zod schemas
- detectProtocol no longer misidentifies Bearer JWTs as ATXP payment
credentials — Bearer tokens in non-MCP requests are OAuth tokens.
Only X-PAYMENT header is detected (ATXP-MCP flows through MCP path)
- Settlement only fires on successful responses (2xx status codes),
preventing users from being charged when request handlers error
- Add SettlementContext type for passing protocol-specific data
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 1 of multi-protocol integration per MULTI_PROTOCOL_EXECUTION_PLAN.md (Tasks 1.5, 1.6, 1.7).
Client-side (Tasks 1.5 + 1.6):
PaymentProtocoltype ('atxp' | 'x402' | 'mpp') andProtocolFlagfeature flag function in@atxp/commonATXPFetcher:ProtocolHandlerinterface withX402ProtocolHandler,ATXPProtocolHandler,MPPProtocolHandlerprotocolFlag(userId, destination)selects handler when multiple match (omni-challenge)checkForATXPResponse()— fully backwards compatible/authorize/x402on accounts with connection token auth@atxp/mpppackage for MPP challenge parsing@atxp/tempopackage for Tempo chain + pathUSD supportServer-side (Task 1.7):
buildOmniChallenge(),omniChallengeMcpError(),omniChallengeHttpResponse()detectProtocol()identifies X402 fromX-PAYMENTheader on retry requestsProtocolSettlementcalls auth/verify/{protocol}at request start,/settle/{protocol}at request endRelated PRs:
/authorize/x402+/authorize/atxp/verify/{protocol}+/settle/{protocol}Test plan
dev:resource+dev:cli— ATXP flow works end-to-endprotocolHandlers+protocolFlagconfigured🤖 Generated with Claude Code