Skip to content

feat(x402): add MPP and Stripe compatibility#651

Open
bussyjd wants to merge 1 commit into
mainfrom
compat/mpp-payments-on-649
Open

feat(x402): add MPP and Stripe compatibility#651
bussyjd wants to merge 1 commit into
mainfrom
compat/mpp-payments-on-649

Conversation

@bussyjd

@bussyjd bussyjd commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Replaces the MPP/Stripe PR stack with one PR against main.
  • Adds MPP HTTP-auth compatibility to the x402 verifier while preserving existing PAYMENT-REQUIRED, X-PAYMENT, and X-PAYMENT-RESPONSE clients.
  • Ships Stripe SPT/card as the production card path and adds Tempo MPP as pull-only with preflight-before-proxy and broadcast-after-upstream-success semantics.
  • Keeps this PR scoped to MPP/Stripe verifier compatibility; Hermes image changes are not included.

Stripe SPT Flow

sequenceDiagram
    participant Client as Hermes buyer
    participant Verifier as x402 verifier
    participant StripeCLI as Stripe Link CLI
    participant StripeAPI as Stripe API
    participant Upstream as Paid service
    Client->>Verifier: Request protected route
    Verifier-->>Client: 402 with PAYMENT-REQUIRED and WWW-Authenticate method=stripe
    Client->>StripeCLI: Create Shared Payment Token from challenge
    StripeCLI-->>Client: Shared Payment Token
    Client->>Verifier: Retry with Authorization Payment or X-PAYMENT
    Verifier->>StripeAPI: Authorize PaymentIntent with manual capture
    Verifier->>Upstream: Proxy request
    alt upstream success
        Verifier->>StripeAPI: Capture PaymentIntent
        Verifier-->>Client: Upstream response with payment receipt headers
    else upstream failure
        Verifier->>StripeAPI: Cancel authorization
        Verifier-->>Client: Upstream error
    end
Loading

Tempo MPP Flow

sequenceDiagram
    participant Client as Hermes buyer or mppx
    participant Verifier as x402 verifier
    participant TempoRPC as Tempo RPC
    participant Upstream as Paid service
    Client->>Verifier: Request protected route
    Verifier-->>Client: 402 with WWW-Authenticate method=tempo
    Client->>Verifier: Retry with Authorization Payment signed pull credential
    Verifier->>Verifier: Preflight challenge, request, signature, and replay guard
    Verifier->>Upstream: Proxy request
    alt upstream success
        Verifier->>TempoRPC: Broadcast signed transaction and wait receipt
        TempoRPC-->>Verifier: Verified receipt
        Verifier-->>Client: Upstream response with payment receipt headers
    else upstream failure
        Verifier->>Verifier: Release replay reservation without broadcast
        Verifier-->>Client: Upstream error
    end
Loading

Compatibility Notes

  • Adds one WWW-Authenticate: Payment ... header per advertised rail using Header().Add.
  • Accepts Authorization: Payment ... alongside legacy X-PAYMENT.
  • Keeps Stripe public config on profileId / STRIPE_PROFILE_ID; the unreleased stripe-network-id compatibility alias is intentionally not included.
  • Uses Stripe wire networkId only inside the MPP challenge payload where Stripe clients expect it, derived from profileId.
  • Rejects Tempo push/hash credentials so the verifier does not charge before upstream success.
  • Does not advertise Tempo on streaming routes until a safe buffering or receipt path exists.

Coverage Follow-Up

  • Added card verifier dispatch coverage proving card routes use the card gateway and do not call the x402 facilitator.
  • Added table coverage for Stripe USD minimum validation, including malformed prices; malformed USD card prices now return validation errors instead of panicking.
  • Added MPP tests for dual WWW-Authenticate rail headers, Authorization: Payment method parsing, Tempo HandleProxy dispatch, settle-failure release, bad transaction credentials, and real gateway release/settle error branches.

Validation

  • go test -coverprofile=/tmp/obol-mpp-coverage-after.out ./cmd/obol ./internal/monetizeapi ./internal/schemas ./internal/serviceoffercontroller ./internal/x402 -count=1
  • go test -race ./cmd/obol ./internal/monetizeapi ./internal/schemas ./internal/serviceoffercontroller ./internal/x402 -count=1
  • git diff --check
  • Exact conflict-marker search returned no matches.
  • Deprecated Stripe alias scan returned no matches for stripe-network-id, STRIPE_NETWORK_ID, or Deprecated alias.

Coverage highlights after the follow-up:

  • internal/x402: 73.5%
  • validateStripeCardMinimum: 90.9%
  • addMPPAuthenticateHeaders: 88.9%
  • mppAuthorizationMethod: 100.0%
  • serveTempoMPPGated: 88.5%
  • HandleProxy: 79.4%

Supersedes

This was referenced Jun 17, 2026
Closed
Closed
Closed
Base automatically changed from chore/hermes-agent-stripe-image to integration/v0.11.0 June 17, 2026 12:08
@bussyjd bussyjd force-pushed the compat/mpp-payments-on-649 branch from 6b3be1f to 1cc3dd8 Compare June 17, 2026 12:17
@bussyjd bussyjd changed the title Add MPP payment compatibility feat(x402): add Hermes MPP and Stripe compatibility Jun 17, 2026
@bussyjd bussyjd changed the base branch from integration/v0.11.0 to main June 17, 2026 12:17
@bussyjd bussyjd requested a review from OisinKyne June 17, 2026 12:20
@bussyjd bussyjd force-pushed the compat/mpp-payments-on-649 branch from 1cc3dd8 to bb0da87 Compare June 17, 2026 12:31
@bussyjd bussyjd changed the title feat(x402): add Hermes MPP and Stripe compatibility feat(x402): add MPP and Stripe compatibility Jun 17, 2026
@bussyjd bussyjd force-pushed the compat/mpp-payments-on-649 branch from bb0da87 to 9a88f54 Compare June 17, 2026 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OisinKyne OisinKyne Awaiting requested review from OisinKyne

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bussyjd