feat(tvm): add TON mechanism for exact payment scheme#1583
Draft
ohld wants to merge 13 commits intox402-foundation:mainfrom
Draft
feat(tvm): add TON mechanism for exact payment scheme#1583ohld wants to merge 13 commits intox402-foundation:mainfrom
ohld wants to merge 13 commits intox402-foundation:mainfrom
Conversation
Add @x402/tvm (TypeScript) and x402[tvm] (Python) mechanism packages implementing the exact payment scheme for TON blockchain. Python (mechanisms/tvm/): - Full gasless USDT payment flow via TONAPI relay - Ed25519 signature verification for W5R1 wallets - BoC parser for external messages, jetton transfers - 6-rule payment verification (protocol, signature, intent, replay, relay safety, simulation) - Idempotent settlement with state machine - 72 unit tests TypeScript (@x402/tvm): - SchemeNetworkClient/Server/Facilitator implementations - W5R1 wallet signing with @ton/ton SDK - Gasless estimate + settlement via TONAPI - CAIP-2 network IDs: tvm:-239 (mainnet), tvm:-3 (testnet) - 48 unit tests Refs: spec PR x402-foundation#1455, live facilitator at ton-facilitator.okhlopkov.com
…x dep - TS facilitator: add full Ed25519 signature verification using tweetnacl - TS client: compute commission from gasless estimate, propagate stateInit - Python: add httpx to tvm extras, lazy-import TonapiProvider - Update facilitator tests with real cryptographic fixtures
🟡 Heimdall Review Status
|
|
@ohld is attempting to deploy a commit to the Coinbase Team on Vercel. A member of the Team first needs to authorize it. |
Contributor
|
FYI, we have some guidelines for the implementation of new networks here: https://github.com/coinbase/x402/blob/main/CONTRIBUTING.md#new-chains |
Codex review fixes:
- TS client /prepare now sends {walletAddress, walletPublicKey, paymentRequirements}
matching Python and the actual facilitator API
- TS facilitator delegates verify/settle to facilitator HTTP service instead of
local BoC parsing (fixes security gap: was checking JSON fields but not BoC content)
- TS /settle sends x402 envelope format matching facilitator API
- validUntil comes from facilitator /prepare response, not invented locally
- Remove unused error constants and Cell import
- Update README: self-relay architecture, remove gasless/toFacilitatorTvmSigner docs
- Update client tests to mock fetch instead of removed signer methods
- Update changelog: "self-relay gas sponsorship" instead of "gasless"
1 task
…nly for PR 2) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
|
Thanks for the pointer to CONTRIBUTING.md, @phdargen. Splitting this PR to TypeScript-only per the guidelines — just pushed a commit removing all Python TVM files. Python implementation will follow in a separate PR after TS merges. Testnet E2E setup: happy to prepare everything for testing — deploy a test jetton on TON testnet, fund wallets with testnet TON and test tokens, share private keys privately. If you'd like me to set it up for you, ping me on Telegram: https://t.me/okhlopkov Or self-service:
|
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
github-actions
bot
added
ecosystem
The TVM facilitator scheme now accepts both response formats from the facilitator API, ensuring compatibility with facilitators that use either convention. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SAFIR143
approved these changes
Mar 17, 2026
|
Review Error for SAFIR143 @ 2026-03-17 04:47:32 UTC |
Breaking changes:
- Client resolves seqno + jetton wallet via TON RPC (default: toncenter.com)
- ExactTvmScheme constructor now accepts optional { rpcUrl, apiKey }
- Removed nonce from TvmPaymentPayload (dedup uses BoC hash)
- Facilitator dedup tracks BoC hashes instead of nonces
Aligns with spec review: no /prepare endpoint, client uses standard
RPC calls like SVM/Stellar/Aptos.
- Client uses paymentRequirements.maxTimeoutSeconds for validUntil instead of hardcoded 300s - Facilitator forwards maxTimeoutSeconds to external /verify and /settle
@ton-api/client and @ton-api/ton-adapter were leftover from the gasless relay approach. tweetnacl is only used in tests.
Address TON Core team review feedback:
- settlementBoc encodes internal message (not external)
- Payload reduced to {settlementBoc, asset} only
- Remove redundant fields (from, to, amount, walletPublicKey)
- Set bounce=true on internal messages
- Remove facilitatorUrl from PaymentRequirements extra
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds full TVM (TON) mechanism support to x402 — both Python and TypeScript SDKs — so anyone using
pip install x402[tvm]or@x402/tvmcan pay and accept TON payments out of the box, matching the existing EVM/SVM pattern.What's included
Python SDK (
python/x402/mechanisms/tvm/)ExactTvmClientScheme— builds gasless USDT payments on TON using TONAPI relayExactTvmServerScheme— price parsing with 6-decimal USDT defaultExactTvmFacilitatorScheme— verify (Ed25519 + 5 field checks) + settle via TONAPI gasless/sendClientTvmSigner/FacilitatorTvmSignerprotocol definitionsTonapiProviderconcrete implementation (lazy-imported to avoid hard httpx dep)register_tvm_exact()— V2 only, wildcardtvm:*networkTypeScript SDK (
typescript/packages/mechanisms/tvm/)ExactTvmScheme(client) — gasless USDT payment flow with W5R1 wallet signingExactTvmScheme(server) — price parsing matching EVM/SVM patternExactTvmScheme(facilitator) — full Ed25519 signature verification (tweetnacl) + settleClientTvmSigner/FacilitatorTvmSignertype definitionstoClientTvmSigner()/toFacilitatorTvmSigner()factory functionsDependencies
pytoniq-core>=0.1.36,PyNaCl>=1.5,httpx>=0.28.1(optionaltvmextra)@ton/ton,@ton/core,@ton/crypto,@ton-api/client,@ton-api/ton-adapter,tweetnaclRelated
TON gasless payment flow
Network identifiers
tvm:-239tvm:-3Test plan
uv run pytest tests/unit/mechanisms/tvm/ -v— 72 tests passingpnpm testintypescript/packages/mechanisms/tvm/— 49 tests passingpip install "git+https://github.com/ohld/x402.git@feat/mechanism-tvm-exact#subdirectory=python/x402"with[tvm]extra