refactor: remove BlockRun provider, retain Claw402 as sole x402 payment provider

Remove all BlockRun (Base + Solana wallet) references from codebase:
- Delete blockrun_base.go, blockrun_sol.go, wallet setup docs, icon
- Move shared EIP-712 signing code to x402.go for Claw402 reuse
- Clean up provider constants, model lists, UI components, translations
- Update all README files (EN + 6 i18n) and getting-started docs
This commit is contained in:
tinkle-community
2026-03-24 01:44:54 +08:00
parent bbf96fe4b4
commit 966995fb88
26 changed files with 316 additions and 1101 deletions

View File

@@ -44,7 +44,7 @@ var (
// TokenUsage represents token usage from AI API response
type TokenUsage struct {
Provider string // payment channel: "claw402", "blockrun-base", "blockrun-sol", or native provider name
Provider string // payment channel: "claw402" or native provider name
Model string
PromptTokens int
CompletionTokens int
@@ -52,13 +52,11 @@ type TokenUsage struct {
}
// Channel returns the payment channel category for telemetry.
// Returns "claw402", "blockrun", or "native" based on the provider.
// Returns "claw402" or "native" based on the provider.
func (u TokenUsage) Channel() string {
switch u.Provider {
case ProviderClaw402:
return "claw402"
case ProviderBlockRunBase, ProviderBlockRunSol:
return "blockrun"
default:
return "native"
}

View File

@@ -1,352 +0,0 @@
package payment
import (
"crypto/ecdsa"
"crypto/rand"
"encoding/base64"
"encoding/hex"
"encoding/json"
"fmt"
"math/big"
"net/http"
"strings"
"time"
"github.com/ethereum/go-ethereum/crypto"
"golang.org/x/crypto/sha3"
"nofx/mcp"
)
const (
DefaultBlockRunBaseURL = "https://blockrun.ai"
DefaultBlockRunModel = "gpt-5.4"
BlockRunChatEndpoint = "/api/v1/chat/completions"
BaseUSDCContract = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
BaseChainID int64 = 8453
BaseNetwork = "eip155:8453"
)
// EIP-712 type hashes for USDC TransferWithAuthorization (ERC-3009)
var (
eip712DomainTypeHash = keccak256String("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
transferWithAuthTypeHash = keccak256String("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
)
func init() {
mcp.RegisterProvider(mcp.ProviderBlockRunBase, func(opts ...mcp.ClientOption) mcp.AIClient {
return NewBlockRunBaseClientWithOptions(opts...)
})
}
func keccak256String(s string) []byte {
h := sha3.NewLegacyKeccak256()
h.Write([]byte(s))
return h.Sum(nil)
}
func keccak256Bytes(data ...[]byte) []byte {
h := sha3.NewLegacyKeccak256()
for _, b := range data {
h.Write(b)
}
return h.Sum(nil)
}
// BlockRunBaseClient implements AIClient using BlockRun's API with x402 v2 EIP-712 payment signing.
type BlockRunBaseClient struct {
*mcp.Client
privateKey *ecdsa.PrivateKey
}
func (c *BlockRunBaseClient) BaseClient() *mcp.Client { return c.Client }
// NewBlockRunBaseClient creates a BlockRun Base wallet client (backward compatible).
func NewBlockRunBaseClient() mcp.AIClient {
return NewBlockRunBaseClientWithOptions()
}
// NewBlockRunBaseClientWithOptions creates a BlockRun Base wallet client.
func NewBlockRunBaseClientWithOptions(opts ...mcp.ClientOption) mcp.AIClient {
baseOpts := []mcp.ClientOption{
mcp.WithProvider(mcp.ProviderBlockRunBase),
mcp.WithModel(DefaultBlockRunModel),
mcp.WithBaseURL(DefaultBlockRunBaseURL),
mcp.WithTimeout(X402Timeout),
mcp.WithMaxRetries(1), // disable outer retry — inner x402 loop handles retries; outer retry causes duplicate payments
}
allOpts := append(baseOpts, opts...)
baseClient := mcp.NewClient(allOpts...).(*mcp.Client)
baseClient.UseFullURL = true
baseClient.BaseURL = DefaultBlockRunBaseURL + BlockRunChatEndpoint
c := &BlockRunBaseClient{Client: baseClient}
baseClient.Hooks = c
return c
}
// SetAPIKey stores the EVM private key (hex, with or without 0x prefix).
func (c *BlockRunBaseClient) SetAPIKey(apiKey string, customURL string, customModel string) {
hexKey := strings.TrimPrefix(apiKey, "0x")
privKey, err := crypto.HexToECDSA(hexKey)
if err != nil {
c.Log.Warnf("⚠️ [MCP] BlockRun Base: invalid private key: %v", err)
} else {
c.privateKey = privKey
c.APIKey = apiKey
addr := crypto.PubkeyToAddress(privKey.PublicKey).Hex()
c.Log.Infof("🔧 [MCP] BlockRun Base wallet: %s", addr)
}
if customModel != "" {
c.Model = customModel
c.Log.Infof("🔧 [MCP] BlockRun Base model: %s", customModel)
} else {
c.Log.Infof("🔧 [MCP] BlockRun Base model: %s", DefaultBlockRunModel)
}
}
func (c *BlockRunBaseClient) SetAuthHeader(h http.Header) { X402SetAuthHeader(h) }
func (c *BlockRunBaseClient) Call(systemPrompt, userPrompt string) (string, error) {
return X402Call(c.Client, c.signPayment, "BlockRun Base", systemPrompt, userPrompt)
}
func (c *BlockRunBaseClient) CallWithRequestFull(req *mcp.Request) (*mcp.LLMResponse, error) {
return X402CallFull(c.Client, c.signPayment, "BlockRun Base", req)
}
// signPayment parses the Payment-Required header (x402 v2) and returns a signed payment value.
func (c *BlockRunBaseClient) signPayment(paymentHeaderB64 string) (string, error) {
return SignBasePaymentHeader(c.privateKey, paymentHeaderB64, "BlockRun Base")
}
// SignX402Payment is the shared EIP-712 signing logic for x402 v2 on Base USDC.
// Used by both BlockRunBaseClient and Claw402Client.
func SignX402Payment(privateKey *ecdsa.PrivateKey, senderAddr string, opt X402AcceptOption, resource *X402Resource) (string, error) {
recipient := opt.PayTo
amount := opt.Amount
network := opt.Network
asset := opt.Asset
extra := opt.Extra
maxTimeout := opt.MaxTimeoutSeconds
if maxTimeout == 0 {
maxTimeout = 300
}
resourceURL := ""
resourceDesc := ""
resourceMime := "application/json"
if resource != nil {
resourceURL = resource.URL
resourceDesc = resource.Description
resourceMime = resource.MimeType
}
now := time.Now().Unix()
validAfter := int64(0)
validBefore := now + int64(maxTimeout)
nonceBytes := make([]byte, 32)
if _, err := rand.Read(nonceBytes); err != nil {
return "", fmt.Errorf("failed to generate nonce: %w", err)
}
nonce := "0x" + hex.EncodeToString(nonceBytes)
domainName := "USD Coin"
domainVersion := "2"
if extra != nil {
if v, ok := extra["name"]; ok && v != "" {
domainName = v
}
if v, ok := extra["version"]; ok && v != "" {
domainVersion = v
}
}
domainSeparator, err := buildDomainSeparatorDynamic(domainName, domainVersion, network, asset)
if err != nil {
return "", fmt.Errorf("failed to build domain separator: %w", err)
}
amountBig, err := parseBigInt(amount)
if err != nil {
return "", fmt.Errorf("invalid amount: %w", err)
}
structHash, err := buildTransferWithAuthHashDynamic(senderAddr, recipient, amountBig, validAfter, validBefore, nonce)
if err != nil {
return "", fmt.Errorf("failed to build struct hash: %w", err)
}
digest := make([]byte, 0, 66)
digest = append(digest, 0x19, 0x01)
digest = append(digest, domainSeparator...)
digest = append(digest, structHash...)
hash := keccak256Bytes(digest)
sig, err := crypto.Sign(hash, privateKey)
if err != nil {
return "", fmt.Errorf("failed to sign: %w", err)
}
if sig[64] < 27 {
sig[64] += 27
}
sigHex := "0x" + hex.EncodeToString(sig)
paymentData := map[string]interface{}{
"x402Version": 2,
"resource": map[string]string{
"url": resourceURL,
"description": resourceDesc,
"mimeType": resourceMime,
},
"accepted": map[string]interface{}{
"scheme": "exact",
"network": network,
"amount": amount,
"asset": asset,
"payTo": recipient,
"maxTimeoutSeconds": maxTimeout,
"extra": extra,
},
"payload": map[string]interface{}{
"signature": sigHex,
"authorization": map[string]string{
"from": senderAddr,
"to": recipient,
"value": amount,
"validAfter": fmt.Sprintf("%d", validAfter),
"validBefore": fmt.Sprintf("%d", validBefore),
"nonce": nonce,
},
},
"extensions": map[string]interface{}{},
}
resultJSON, err := json.Marshal(paymentData)
if err != nil {
return "", fmt.Errorf("failed to marshal payment result: %w", err)
}
return base64.StdEncoding.EncodeToString(resultJSON), nil
}
// buildDomainSeparatorDynamic builds the EIP-712 domain separator using runtime values.
func buildDomainSeparatorDynamic(name, version, network, asset string) ([]byte, error) {
chainID := new(big.Int).SetInt64(BaseChainID)
if strings.HasPrefix(network, "eip155:") {
parts := strings.SplitN(network, ":", 2)
if len(parts) == 2 {
if n, ok := new(big.Int).SetString(parts[1], 10); ok {
chainID = n
}
}
}
contractAddr, err := hex.DecodeString(strings.TrimPrefix(asset, "0x"))
if err != nil {
return nil, fmt.Errorf("invalid contract address: %w", err)
}
nameHash := keccak256String(name)
versionHash := keccak256String(version)
encoded := make([]byte, 0, 5*32)
encoded = append(encoded, leftPad32(eip712DomainTypeHash)...)
encoded = append(encoded, leftPad32(nameHash)...)
encoded = append(encoded, leftPad32(versionHash)...)
encoded = append(encoded, leftPad32(chainID.Bytes())...)
addrPadded := make([]byte, 32)
copy(addrPadded[32-len(contractAddr):], contractAddr)
encoded = append(encoded, addrPadded...)
return keccak256Bytes(encoded), nil
}
// buildTransferWithAuthHashDynamic builds the struct hash for TransferWithAuthorization.
func buildTransferWithAuthHashDynamic(from, to string, value *big.Int, validAfter, validBefore int64, nonce string) ([]byte, error) {
fromBytes, err := hexToAddress(from)
if err != nil {
return nil, fmt.Errorf("invalid from address: %w", err)
}
toBytes, err := hexToAddress(to)
if err != nil {
return nil, fmt.Errorf("invalid to address: %w", err)
}
nonceBytes, err := hexToBytes32(nonce)
if err != nil {
return nil, fmt.Errorf("invalid nonce: %w", err)
}
validAfterBig := new(big.Int).SetInt64(validAfter)
validBeforeBig := new(big.Int).SetInt64(validBefore)
encoded := make([]byte, 0, 7*32)
encoded = append(encoded, leftPad32(transferWithAuthTypeHash)...)
encoded = append(encoded, leftPad32(fromBytes)...)
encoded = append(encoded, leftPad32(toBytes)...)
encoded = append(encoded, leftPad32(value.Bytes())...)
encoded = append(encoded, leftPad32(validAfterBig.Bytes())...)
encoded = append(encoded, leftPad32(validBeforeBig.Bytes())...)
encoded = append(encoded, leftPad32(nonceBytes)...)
return keccak256Bytes(encoded), nil
}
func hexToAddress(s string) ([]byte, error) {
s = strings.TrimPrefix(s, "0x")
b, err := hex.DecodeString(s)
if err != nil {
return nil, err
}
if len(b) != 20 {
return nil, fmt.Errorf("address must be 20 bytes, got %d", len(b))
}
return b, nil
}
func hexToBytes32(s string) ([]byte, error) {
s = strings.TrimPrefix(s, "0x")
b, err := hex.DecodeString(s)
if err != nil {
return nil, err
}
if len(b) > 32 {
return nil, fmt.Errorf("nonce too long: %d bytes", len(b))
}
return b, nil
}
func parseBigInt(s string) (*big.Int, error) {
n := new(big.Int)
if strings.HasPrefix(s, "0x") || strings.HasPrefix(s, "0X") {
if _, ok := n.SetString(s[2:], 16); ok {
return n, nil
}
return nil, fmt.Errorf("cannot parse hex big.Int from %q", s)
}
if _, ok := n.SetString(s, 10); ok {
return n, nil
}
return nil, fmt.Errorf("cannot parse big.Int from %q", s)
}
// leftPad32 pads a byte slice to 32 bytes on the left (ABI encoding).
func leftPad32(b []byte) []byte {
if len(b) >= 32 {
return b[:32]
}
padded := make([]byte, 32)
copy(padded[32-len(b):], b)
return padded
}
// BuildUrl returns the full BlockRun endpoint URL.
func (c *BlockRunBaseClient) BuildUrl() string {
return DefaultBlockRunBaseURL + BlockRunChatEndpoint
}
func (c *BlockRunBaseClient) BuildRequest(url string, jsonData []byte) (*http.Request, error) {
return X402BuildRequest(url, jsonData)
}

View File

@@ -1,276 +0,0 @@
package payment
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"strings"
"github.com/gagliardetto/solana-go"
"github.com/gagliardetto/solana-go/programs/compute-budget"
"github.com/gagliardetto/solana-go/programs/token"
"github.com/gagliardetto/solana-go/rpc"
"nofx/mcp"
)
const (
DefaultBlockRunSolURL = "https://sol.blockrun.ai"
SolanaUSDCMint = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
SolanaNetwork = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp"
SolanaMainnetRPC = "https://api.mainnet-beta.solana.com"
// Compute budget defaults (match @x402/svm)
computeUnitLimit = uint32(8000)
computeUnitPrice = uint64(1)
)
func init() {
mcp.RegisterProvider(mcp.ProviderBlockRunSol, func(opts ...mcp.ClientOption) mcp.AIClient {
return NewBlockRunSolClientWithOptions(opts...)
})
}
// BlockRunSolClient implements AIClient using BlockRun's Solana x402 v2 payment protocol.
type BlockRunSolClient struct {
*mcp.Client
keypair solana.PrivateKey
}
func (c *BlockRunSolClient) BaseClient() *mcp.Client { return c.Client }
// NewBlockRunSolClient creates a BlockRun Solana wallet client (backward compatible).
func NewBlockRunSolClient() mcp.AIClient {
return NewBlockRunSolClientWithOptions()
}
// NewBlockRunSolClientWithOptions creates a BlockRun Solana wallet client.
func NewBlockRunSolClientWithOptions(opts ...mcp.ClientOption) mcp.AIClient {
baseOpts := []mcp.ClientOption{
mcp.WithProvider(mcp.ProviderBlockRunSol),
mcp.WithModel(DefaultBlockRunModel),
mcp.WithBaseURL(DefaultBlockRunSolURL),
mcp.WithTimeout(X402Timeout),
mcp.WithMaxRetries(1), // disable outer retry — inner x402 loop handles retries; outer retry causes duplicate payments
}
allOpts := append(baseOpts, opts...)
baseClient := mcp.NewClient(allOpts...).(*mcp.Client)
baseClient.UseFullURL = true
baseClient.BaseURL = DefaultBlockRunSolURL + BlockRunChatEndpoint
c := &BlockRunSolClient{Client: baseClient}
baseClient.Hooks = c
return c
}
// SetAPIKey stores the Solana wallet private key (base58-encoded 64-byte keypair).
func (c *BlockRunSolClient) SetAPIKey(apiKey string, customURL string, customModel string) {
kp, err := solana.PrivateKeyFromBase58(strings.TrimSpace(apiKey))
if err != nil {
c.Log.Warnf("⚠️ [MCP] BlockRun Sol: failed to parse private key: %v", err)
return
}
c.keypair = kp
c.APIKey = apiKey
c.Log.Infof("🔧 [MCP] BlockRun Sol wallet: %s", kp.PublicKey().String())
if customModel != "" {
c.Model = customModel
c.Log.Infof("🔧 [MCP] BlockRun Sol model: %s", customModel)
} else {
c.Log.Infof("🔧 [MCP] BlockRun Sol model: %s", DefaultBlockRunModel)
}
}
func (c *BlockRunSolClient) SetAuthHeader(h http.Header) { X402SetAuthHeader(h) }
func (c *BlockRunSolClient) Call(systemPrompt, userPrompt string) (string, error) {
return X402Call(c.Client, c.signSolanaPayment, "BlockRun Sol", systemPrompt, userPrompt)
}
func (c *BlockRunSolClient) CallWithRequestFull(req *mcp.Request) (*mcp.LLMResponse, error) {
return X402CallFull(c.Client, c.signSolanaPayment, "BlockRun Sol", req)
}
// signSolanaPayment parses the Payment-Required header and builds a signed x402 v2 Solana payload.
func (c *BlockRunSolClient) signSolanaPayment(paymentHeaderB64 string) (string, error) {
if c.keypair == nil {
return "", fmt.Errorf("no private key set for BlockRun Sol wallet")
}
decoded, err := X402DecodeHeader(paymentHeaderB64)
if err != nil {
return "", err
}
var req X402v2PaymentRequired
if err := json.Unmarshal(decoded, &req); err != nil {
return "", fmt.Errorf("failed to parse x402 v2 Solana header: %w", err)
}
// Find the Solana option
var opt *X402AcceptOption
for i := range req.Accepts {
if strings.HasPrefix(req.Accepts[i].Network, "solana:") {
opt = &req.Accepts[i]
break
}
}
if opt == nil {
return "", fmt.Errorf("no Solana payment option in x402 response")
}
recipient := opt.PayTo
amount := opt.Amount
feePayer := ""
if opt.Extra != nil {
feePayer = opt.Extra["feePayer"]
}
if feePayer == "" {
return "", fmt.Errorf("feePayer missing from Solana x402 extra")
}
maxTimeout := opt.MaxTimeoutSeconds
if maxTimeout == 0 {
maxTimeout = 300
}
resourceURL := DefaultBlockRunSolURL + BlockRunChatEndpoint
resourceDesc := ""
resourceMime := "application/json"
if req.Resource != nil {
resourceURL = req.Resource.URL
resourceDesc = req.Resource.Description
resourceMime = req.Resource.MimeType
}
// Build the SPL TransferChecked transaction
txB64, err := c.buildSolanaTransferTx(recipient, feePayer, amount)
if err != nil {
return "", fmt.Errorf("failed to build Solana transfer tx: %w", err)
}
// Build x402 v2 payment payload
paymentData := map[string]interface{}{
"x402Version": 2,
"resource": map[string]string{
"url": resourceURL,
"description": resourceDesc,
"mimeType": resourceMime,
},
"accepted": map[string]interface{}{
"scheme": "exact",
"network": SolanaNetwork,
"amount": amount,
"asset": SolanaUSDCMint,
"payTo": recipient,
"maxTimeoutSeconds": maxTimeout,
"extra": opt.Extra,
},
"payload": map[string]string{
"transaction": txB64,
},
"extensions": map[string]interface{}{},
}
resultJSON, err := json.Marshal(paymentData)
if err != nil {
return "", fmt.Errorf("failed to marshal Solana payment: %w", err)
}
return base64.StdEncoding.EncodeToString(resultJSON), nil
}
// buildSolanaTransferTx builds a partial-signed VersionedTransaction for SPL USDC TransferChecked.
func (c *BlockRunSolClient) buildSolanaTransferTx(recipient, feePayer, amountStr string) (string, error) {
ownerPubkey := c.keypair.PublicKey()
recipientPK, err := solana.PublicKeyFromBase58(recipient)
if err != nil {
return "", fmt.Errorf("invalid recipient address: %w", err)
}
feePayerPK, err := solana.PublicKeyFromBase58(feePayer)
if err != nil {
return "", fmt.Errorf("invalid feePayer address: %w", err)
}
mintPK := solana.MustPublicKeyFromBase58(SolanaUSDCMint)
var amountU64 uint64
if _, err := fmt.Sscanf(amountStr, "%d", &amountU64); err != nil {
return "", fmt.Errorf("invalid amount %q: %w", amountStr, err)
}
sourceATA, _, err := solana.FindAssociatedTokenAddress(ownerPubkey, mintPK)
if err != nil {
return "", fmt.Errorf("failed to derive source ATA: %w", err)
}
destATA, _, err := solana.FindAssociatedTokenAddress(recipientPK, mintPK)
if err != nil {
return "", fmt.Errorf("failed to derive dest ATA: %w", err)
}
rpcClient := rpc.New(SolanaMainnetRPC)
bhResp, err := rpcClient.GetLatestBlockhash(context.Background(), rpc.CommitmentFinalized)
if err != nil {
return "", fmt.Errorf("failed to fetch blockhash: %w", err)
}
recentBlockhash := bhResp.Value.Blockhash
setLimitIx, err := computebudget.NewSetComputeUnitLimitInstruction(computeUnitLimit).ValidateAndBuild()
if err != nil {
return "", fmt.Errorf("failed to build SetComputeUnitLimit: %w", err)
}
setPriceIx, err := computebudget.NewSetComputeUnitPriceInstruction(computeUnitPrice).ValidateAndBuild()
if err != nil {
return "", fmt.Errorf("failed to build SetComputeUnitPrice: %w", err)
}
transferIx, err := token.NewTransferCheckedInstruction(
amountU64,
6, // USDC decimals
sourceATA,
mintPK,
destATA,
ownerPubkey,
[]solana.PublicKey{},
).ValidateAndBuild()
if err != nil {
return "", fmt.Errorf("failed to build TransferChecked: %w", err)
}
tx, err := solana.NewTransaction(
[]solana.Instruction{setLimitIx, setPriceIx, transferIx},
recentBlockhash,
solana.TransactionPayer(feePayerPK),
)
if err != nil {
return "", fmt.Errorf("failed to build transaction: %w", err)
}
_, err = tx.Sign(func(key solana.PublicKey) *solana.PrivateKey {
if key.Equals(ownerPubkey) {
return &c.keypair
}
return nil // feePayer will be signed by BlockRun CDP
})
if err != nil {
return "", fmt.Errorf("failed to sign transaction: %w", err)
}
txBytes, err := tx.MarshalBinary()
if err != nil {
return "", fmt.Errorf("failed to serialize transaction: %w", err)
}
return base64.StdEncoding.EncodeToString(txBytes), nil
}
// BuildUrl returns the full BlockRun Solana endpoint URL.
func (c *BlockRunSolClient) BuildUrl() string {
return DefaultBlockRunSolURL + BlockRunChatEndpoint
}
func (c *BlockRunSolClient) BuildRequest(url string, jsonData []byte) (*http.Request, error) {
return X402BuildRequest(url, jsonData)
}

View File

@@ -132,7 +132,7 @@ func (c *Claw402Client) CallWithRequestFull(req *mcp.Request) (*mcp.LLMResponse,
return X402CallFull(c.Client, c.signPayment, "Claw402", req)
}
// signPayment signs x402 v2 EIP-712 payment (same Base chain + USDC as BlockRunBase).
// signPayment signs x402 v2 EIP-712 payment on Base chain + USDC.
func (c *Claw402Client) signPayment(paymentHeaderB64 string) (string, error) {
return SignBasePaymentHeader(c.privateKey, paymentHeaderB64, "Claw402")
}

View File

@@ -4,14 +4,19 @@ import (
"bytes"
"context"
"crypto/ecdsa"
"crypto/rand"
"encoding/base64"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"math/big"
"net/http"
"strings"
"time"
"github.com/ethereum/go-ethereum/crypto"
"golang.org/x/crypto/sha3"
"nofx/mcp"
)
@@ -77,7 +82,7 @@ func X402DecodeHeader(b64 string) ([]byte, error) {
}
// SignBasePaymentHeader decodes a base64 x402 header, parses it, and signs with
// EIP-712 (USDC TransferWithAuthorization). Shared by BlockRunBase and Claw402.
// EIP-712 (USDC TransferWithAuthorization).
func SignBasePaymentHeader(privateKey *ecdsa.PrivateKey, paymentHeaderB64 string, providerName string) (string, error) {
if privateKey == nil {
return "", fmt.Errorf("no private key set for %s wallet", providerName)
@@ -521,3 +526,252 @@ func X402CallFull(c *mcp.Client, signFn X402SignFunc, tag string, req *mcp.Reque
}
return c.Hooks.ParseMCPResponseFull(body)
}
// ── Shared EIP-712 constants & helpers (Base chain, USDC) ────────────────────
const (
BaseUSDCContract = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
BaseChainID int64 = 8453
BaseNetwork = "eip155:8453"
)
// EIP-712 type hashes for USDC TransferWithAuthorization (ERC-3009)
var (
eip712DomainTypeHash = keccak256String("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
transferWithAuthTypeHash = keccak256String("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
)
func keccak256String(s string) []byte {
h := sha3.NewLegacyKeccak256()
h.Write([]byte(s))
return h.Sum(nil)
}
func keccak256Bytes(data ...[]byte) []byte {
h := sha3.NewLegacyKeccak256()
for _, b := range data {
h.Write(b)
}
return h.Sum(nil)
}
// SignX402Payment is the shared EIP-712 signing logic for x402 v2 on Base USDC.
func SignX402Payment(privateKey *ecdsa.PrivateKey, senderAddr string, opt X402AcceptOption, resource *X402Resource) (string, error) {
recipient := opt.PayTo
amount := opt.Amount
network := opt.Network
asset := opt.Asset
extra := opt.Extra
maxTimeout := opt.MaxTimeoutSeconds
if maxTimeout == 0 {
maxTimeout = 300
}
resourceURL := ""
resourceDesc := ""
resourceMime := "application/json"
if resource != nil {
resourceURL = resource.URL
resourceDesc = resource.Description
resourceMime = resource.MimeType
}
now := time.Now().Unix()
validAfter := int64(0)
validBefore := now + int64(maxTimeout)
nonceBytes := make([]byte, 32)
if _, err := rand.Read(nonceBytes); err != nil {
return "", fmt.Errorf("failed to generate nonce: %w", err)
}
nonce := "0x" + hex.EncodeToString(nonceBytes)
domainName := "USD Coin"
domainVersion := "2"
if extra != nil {
if v, ok := extra["name"]; ok && v != "" {
domainName = v
}
if v, ok := extra["version"]; ok && v != "" {
domainVersion = v
}
}
domainSeparator, err := buildDomainSeparatorDynamic(domainName, domainVersion, network, asset)
if err != nil {
return "", fmt.Errorf("failed to build domain separator: %w", err)
}
amountBig, err := parseBigInt(amount)
if err != nil {
return "", fmt.Errorf("invalid amount: %w", err)
}
structHash, err := buildTransferWithAuthHashDynamic(senderAddr, recipient, amountBig, validAfter, validBefore, nonce)
if err != nil {
return "", fmt.Errorf("failed to build struct hash: %w", err)
}
digest := make([]byte, 0, 66)
digest = append(digest, 0x19, 0x01)
digest = append(digest, domainSeparator...)
digest = append(digest, structHash...)
hash := keccak256Bytes(digest)
sig, err := crypto.Sign(hash, privateKey)
if err != nil {
return "", fmt.Errorf("failed to sign: %w", err)
}
if sig[64] < 27 {
sig[64] += 27
}
sigHex := "0x" + hex.EncodeToString(sig)
paymentData := map[string]interface{}{
"x402Version": 2,
"resource": map[string]string{
"url": resourceURL,
"description": resourceDesc,
"mimeType": resourceMime,
},
"accepted": map[string]interface{}{
"scheme": "exact",
"network": network,
"amount": amount,
"asset": asset,
"payTo": recipient,
"maxTimeoutSeconds": maxTimeout,
"extra": extra,
},
"payload": map[string]interface{}{
"signature": sigHex,
"authorization": map[string]string{
"from": senderAddr,
"to": recipient,
"value": amount,
"validAfter": fmt.Sprintf("%d", validAfter),
"validBefore": fmt.Sprintf("%d", validBefore),
"nonce": nonce,
},
},
"extensions": map[string]interface{}{},
}
resultJSON, err := json.Marshal(paymentData)
if err != nil {
return "", fmt.Errorf("failed to marshal payment result: %w", err)
}
return base64.StdEncoding.EncodeToString(resultJSON), nil
}
// buildDomainSeparatorDynamic builds the EIP-712 domain separator using runtime values.
func buildDomainSeparatorDynamic(name, version, network, asset string) ([]byte, error) {
chainID := new(big.Int).SetInt64(BaseChainID)
if strings.HasPrefix(network, "eip155:") {
parts := strings.SplitN(network, ":", 2)
if len(parts) == 2 {
if n, ok := new(big.Int).SetString(parts[1], 10); ok {
chainID = n
}
}
}
contractAddr, err := hex.DecodeString(strings.TrimPrefix(asset, "0x"))
if err != nil {
return nil, fmt.Errorf("invalid contract address: %w", err)
}
nameHash := keccak256String(name)
versionHash := keccak256String(version)
encoded := make([]byte, 0, 5*32)
encoded = append(encoded, leftPad32(eip712DomainTypeHash)...)
encoded = append(encoded, leftPad32(nameHash)...)
encoded = append(encoded, leftPad32(versionHash)...)
encoded = append(encoded, leftPad32(chainID.Bytes())...)
addrPadded := make([]byte, 32)
copy(addrPadded[32-len(contractAddr):], contractAddr)
encoded = append(encoded, addrPadded...)
return keccak256Bytes(encoded), nil
}
// buildTransferWithAuthHashDynamic builds the struct hash for TransferWithAuthorization.
func buildTransferWithAuthHashDynamic(from, to string, value *big.Int, validAfter, validBefore int64, nonce string) ([]byte, error) {
fromBytes, err := hexToAddress(from)
if err != nil {
return nil, fmt.Errorf("invalid from address: %w", err)
}
toBytes, err := hexToAddress(to)
if err != nil {
return nil, fmt.Errorf("invalid to address: %w", err)
}
nonceBytes, err := hexToBytes32(nonce)
if err != nil {
return nil, fmt.Errorf("invalid nonce: %w", err)
}
validAfterBig := new(big.Int).SetInt64(validAfter)
validBeforeBig := new(big.Int).SetInt64(validBefore)
encoded := make([]byte, 0, 7*32)
encoded = append(encoded, leftPad32(transferWithAuthTypeHash)...)
encoded = append(encoded, leftPad32(fromBytes)...)
encoded = append(encoded, leftPad32(toBytes)...)
encoded = append(encoded, leftPad32(value.Bytes())...)
encoded = append(encoded, leftPad32(validAfterBig.Bytes())...)
encoded = append(encoded, leftPad32(validBeforeBig.Bytes())...)
encoded = append(encoded, leftPad32(nonceBytes)...)
return keccak256Bytes(encoded), nil
}
func hexToAddress(s string) ([]byte, error) {
s = strings.TrimPrefix(s, "0x")
b, err := hex.DecodeString(s)
if err != nil {
return nil, err
}
if len(b) != 20 {
return nil, fmt.Errorf("address must be 20 bytes, got %d", len(b))
}
return b, nil
}
func hexToBytes32(s string) ([]byte, error) {
s = strings.TrimPrefix(s, "0x")
b, err := hex.DecodeString(s)
if err != nil {
return nil, err
}
if len(b) > 32 {
return nil, fmt.Errorf("nonce too long: %d bytes", len(b))
}
return b, nil
}
func parseBigInt(s string) (*big.Int, error) {
n := new(big.Int)
if strings.HasPrefix(s, "0x") || strings.HasPrefix(s, "0X") {
if _, ok := n.SetString(s[2:], 16); ok {
return n, nil
}
return nil, fmt.Errorf("cannot parse hex big.Int from %q", s)
}
if _, ok := n.SetString(s, 10); ok {
return n, nil
}
return nil, fmt.Errorf("cannot parse big.Int from %q", s)
}
// leftPad32 pads a byte slice to 32 bytes on the left (ABI encoding).
func leftPad32(b []byte) []byte {
if len(b) >= 32 {
return b[:32]
}
padded := make([]byte, 32)
copy(padded[32-len(b):], b)
return padded
}

View File

@@ -13,9 +13,7 @@ const (
ProviderKimi = "kimi"
ProviderMiniMax = "minimax"
ProviderBlockRunBase = "blockrun-base"
ProviderBlockRunSol = "blockrun-sol"
ProviderClaw402 = "claw402"
ProviderClaw402 = "claw402"
// Default DeepSeek configuration (used as fallback in NewClient)
DefaultDeepSeekBaseURL = "https://api.deepseek.com"