atxp-dev · badjer · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026
diff --git a/.gitignore b/.gitignore
@@ -140,3 +140,4 @@ dist-cjs
 .DS_Store
 bundle-analysis/
 .npmrc.publish
+CLAUDE.local.md
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/atxp-base/package.json b/packages/atxp-base/package.json
@@ -24,7 +24,7 @@
     "dist"
   ],
   "scripts": {
-    "build": "rollup -c",
+    "build": "rollup -c && rm -rf dist/node_modules dist/_virtual",
     "typecheck": "tsc --noEmit",
     "lint": "eslint . --ext .ts",
     "lint:fix": "eslint . --ext .ts --fix",
@@ -37,7 +37,8 @@
     "@atxp/client": "0.10.13",
     "@atxp/common": "0.10.13",
     "bignumber.js": "^9.3.0",
-    "viem": "^2.34.0"
+    "viem": "^2.34.0",
+    "x402": "^0.3.0"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",

diff --git a/packages/atxp-base/src/baseAccount.ts b/packages/atxp-base/src/baseAccount.ts
@@ -5,8 +5,10 @@ import { privateKeyToAccount, PrivateKeyAccount } from 'viem/accounts';
 import { BasePaymentMaker } from './basePaymentMaker.js';
 import { createWalletClient, http, WalletClient, LocalAccount } from 'viem';
 import { base } from 'viem/chains';
+import { createPaymentHeader } from 'x402/client';
 
 export class BaseAccount implements Account {
+  readonly usesAccountsAuthorize = false;
   private _accountId: AccountId;
   paymentMakers: PaymentMaker[];
   private walletClient: WalletClient;
@@ -83,7 +85,6 @@ export class BaseAccount implements Account {
 
     switch (protocol) {
       case 'x402': {
-        const { createPaymentHeader } = await import('x402/client');
         if (!params.paymentRequirements) {
           throw new Error('BaseAccount: x402 authorize requires paymentRequirements');
         }

diff --git a/packages/atxp-base/src/baseAppAccount.ts b/packages/atxp-base/src/baseAppAccount.ts
@@ -17,6 +17,7 @@ const DEFAULT_ALLOWANCE = 10n;
 const DEFAULT_PERIOD_IN_DAYS = 7;
 
 export class BaseAppAccount implements Account {
+  readonly usesAccountsAuthorize = false;
   private _accountId: AccountId;
   paymentMakers: PaymentMaker[];
   private mainWalletAddress?: string;

diff --git a/packages/atxp-client/package.json b/packages/atxp-client/package.json
@@ -24,7 +24,7 @@
     "dist"
   ],
   "scripts": {
-    "build": "rollup -c",
+    "build": "rollup -c && rm -rf dist/node_modules dist/_virtual",
     "typecheck": "tsc --noEmit",
     "lint": "eslint . --ext .ts",
     "lint:fix": "eslint . --ext .ts --fix",

diff --git a/packages/atxp-client/src/atxpAccountHandler.test.ts b/packages/atxp-client/src/atxpAccountHandler.test.ts
@@ -0,0 +1,189 @@
+import { describe, it, expect, vi } from 'vitest';
+import { ATXPAccountHandler } from './atxpAccountHandler.js';
+import type { ProtocolConfig } from './protocolHandler.js';
+import type { Account } from '@atxp/common';
+
+function createMockAccount(overrides?: Partial<Account>): Account {
+  return {
+    getAccountId: vi.fn().mockResolvedValue('atxp:test-account'),
+    paymentMakers: [],
+    usesAccountsAuthorize: true,
+    getSources: vi.fn().mockResolvedValue([]),
+    createSpendPermission: vi.fn().mockResolvedValue(null),
+    authorize: vi.fn().mockResolvedValue({ protocol: 'atxp', credential: '{"token":"abc"}' }),
+    ...overrides,
+  } as unknown as Account;
+}
+
+function createMockConfig(overrides?: Partial<ProtocolConfig>): ProtocolConfig {
+  return {
+    account: createMockAccount(),
+    logger: {
+      debug: vi.fn(),
+      info: vi.fn(),
+      warn: vi.fn(),
+      error: vi.fn(),
+    },
+    fetchFn: vi.fn().mockResolvedValue(new Response('ok', { status: 200 })),
+    approvePayment: vi.fn().mockResolvedValue(true),
+    onPayment: vi.fn(),
+    onPaymentFailure: vi.fn(),
+    ...overrides,
+  };
+}
+
+function make402Response(body: Record<string, unknown>): Response {
+  return new Response(JSON.stringify(body), {
+    status: 402,
+    headers: { 'Content-Type': 'application/json' },
+  });
+}
+
+describe('ATXPAccountHandler', () => {
+  const handler = new ATXPAccountHandler();
+
+  describe('canHandle', () => {
+    it('returns true for 402 responses', async () => {
+      const response = new Response('', { status: 402 });
+      expect(await handler.canHandle(response)).toBe(true);
+    });
+
+    it('returns false for 200 responses', async () => {
+      const response = new Response('ok', { status: 200 });
+      expect(await handler.canHandle(response)).toBe(false);
+    });
+  });
+
+  describe('handlePaymentChallenge', () => {
+    it('delegates to account.authorize() and retries with payment header', async () => {
+      const authorize = vi.fn().mockResolvedValue({ protocol: 'atxp', credential: '{"token":"abc"}' });
+      const account = createMockAccount({ authorize });
+      const retryResponse = new Response('paid', { status: 200 });
+      const fetchFn = vi.fn().mockResolvedValue(retryResponse);
+      const config = createMockConfig({ account, fetchFn });
+
+      const response = make402Response({ chargeAmount: '0.01' });
+      const result = await handler.handlePaymentChallenge(
+        response,
+        { url: 'https://example.com/api' },
+        config,
+      );
+
+      expect(authorize).toHaveBeenCalledTimes(1);
+      expect(authorize).toHaveBeenCalledWith(
+        expect.objectContaining({
+          protocols: ['atxp', 'x402', 'mpp'],
+          amount: expect.anything(),
+        }),
+      );
+      expect(fetchFn).toHaveBeenCalledTimes(1);
+      expect(result).toBe(retryResponse);
+    });
+
+    it('returns null when authorize throws', async () => {
+      const authorize = vi.fn().mockRejectedValue(new Error('auth failed'));
+      const account = createMockAccount({ authorize });
+      const config = createMockConfig({ account });
+
+      const response = make402Response({ chargeAmount: '0.01' });
+      const result = await handler.handlePaymentChallenge(
+        response,
+        { url: 'https://example.com/api' },
+        config,
+      );
+
+      expect(result).toBeNull();
+      expect(config.logger.error).toHaveBeenCalledWith(
+        expect.stringContaining('authorize failed'),
+      );
+    });
+
+    it('returns null when no amount in challenge data', async () => {
+      const config = createMockConfig();
+
+      // Challenge with no chargeAmount, no x402, no mpp
+      const response = make402Response({ someOtherField: 'value' });
+      const result = await handler.handlePaymentChallenge(
+        response,
+        { url: 'https://example.com/api' },
+        config,
+      );
+
+      expect(result).toBeNull();
+      expect(config.logger.error).toHaveBeenCalledWith(
+        expect.stringContaining('no amount in challenge data'),
+      );
+    });
+  });
+
+  describe('buildAuthorizeParams (via handlePaymentChallenge)', () => {
+    it('extracts destination from x402 accepts, skipping network=atxp', async () => {
+      const authorize = vi.fn().mockResolvedValue({ protocol: 'x402', credential: 'x402-cred' });
+      const account = createMockAccount({ authorize });
+      const fetchFn = vi.fn().mockResolvedValue(new Response('ok', { status: 200 }));
+      const config = createMockConfig({ account, fetchFn });
+
+      const response = make402Response({
+        chargeAmount: '1000000',
+        x402: {
+          accepts: [
+            { network: 'atxp', payTo: 'atxp_acct_123' },
+            { network: 'base', payTo: '0xDEST', maxAmountRequired: '1000000' },
+          ],
+        },
+      });
+
+      await handler.handlePaymentChallenge(
+        response,
+        { url: 'https://example.com/api' },
+        config,
+      );
+
+      expect(authorize).toHaveBeenCalledWith(
+        expect.objectContaining({
+          destination: '0xDEST',
+          paymentRequirements: expect.objectContaining({
+            network: 'base',
+            payTo: '0xDEST',
+          }),
+        }),
+      );
+    });
+
+    it('fetches payment request when no x402 data provides a destination', async () => {
+      const authorize = vi.fn().mockResolvedValue({ protocol: 'atxp', credential: '{}' });
+      const account = createMockAccount({ authorize });
+
+      // Mock fetchFn: the first call (for the payment request) returns options;
+      // the second call (for the retry) returns 200.
+      const prResponse = new Response(JSON.stringify({
+        options: [{ address: '0xFromPR', network: 'base', amount: '500000' }],
+      }), { status: 200 });
+      const retryResponse = new Response('ok', { status: 200 });
+      const fetchFn = vi.fn()
+        .mockResolvedValueOnce(prResponse)
+        .mockResolvedValueOnce(retryResponse);
+
+      const config = createMockConfig({ account, fetchFn });
+
+      const response = make402Response({
+        chargeAmount: '0.50',
+        paymentRequestUrl: 'https://auth.atxp.ai/payment-request/pr_123',
+      });
+
+      await handler.handlePaymentChallenge(
+        response,
+        { url: 'https://example.com/api' },
+        config,
+      );
+
+      // First fetchFn call is the payment request fetch
+      expect(fetchFn).toHaveBeenCalledWith('https://auth.atxp.ai/payment-request/pr_123');
+      expect(authorize).toHaveBeenCalledWith(
+        expect.objectContaining({
+          destination: '0xFromPR',
+        }),
+      );
+    });
+  });
+});