Conversation
Add wallet_pay hostcall enabling agents to pay for services from their budget. This completes the self-provisioning story: agents can now observe prices (HTTP), decide to pay (wallet_pay), and survive crashes mid-payment (effect lifecycle). Runtime: - wallet_pay ABI: amount, recipient, memo → signed payment receipt - Manifest-driven validation: allowed_recipients, max_payment_microcents - Budget deduction with Ed25519-signed receipt generation - Event log recording for deterministic replay (CM-4) SDK: - igor.WalletPay(amount, recipient, memo) wrapper with auto-retry - MockBackend.WalletPay + PaymentHandler for native testing Demo (agents/x402buyer): - Encounters HTTP 402 paywall, parses payment terms - Effect lifecycle: Record → checkpoint → Begin → Pay → Confirm - Crash recovery: unresolved payments reconciled, no duplicates - Mock paywall server (agents/x402buyer/cmd/paywall) - End-to-end demo script (scripts/demo-x402.sh) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add go.mod for x402buyer agent (same pattern as other agents) - Move paywall server from agents/x402buyer/cmd/ to cmd/paywall/ so it's part of the main module (not the agent's TinyGo module) - Update Makefile build path - Fix errcheck lint warning Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 10d608201d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if m.Has("x402") && r.walletPayState != nil { | ||
| capCfg := m.Capabilities["x402"] | ||
| r.registerPayment(builder, r.walletPayState, capCfg) | ||
| registered++ |
There was a problem hiding this comment.
This registers x402/wallet_pay in the live host module, but the replay host module paths still only register clock, rand, log, wallet, and pricing (checked internal/replay/engine.go in both registerReplayHostModule and registerChainReplayHostModule). In environments using replay verification (default ReplayMode=full), migrated agents that import igor.wallet_pay will fail replay module instantiation, causing migration verification to fail even when the checkpoint is valid.
Useful? React with 👍 / 👎.
| // Deduct budget. | ||
| if err := state.DeductBudget(amount); err != nil { | ||
| r.logger.Error("Budget deduction failed", "error", err) | ||
| return payErrProcessing | ||
| } |
There was a problem hiding this comment.
wallet_pay deducts budget before verifying that the caller’s receipt buffer is large enough to return the receipt. When the buffer is too small, the function returns -5 and expects a retry, but the first attempt has already charged the agent, so retries can double-charge the same payment. This affects callers that start with smaller buffers (or future larger receipts) and violates retry safety for this hostcall ABI.
Useful? React with 👍 / 👎.
…ering - Register wallet_pay in both registerReplayHostModule and registerChainReplayHostModule so agents using x402 capability can pass replay verification (CM-4) - Move receipt buffer capacity check before budget deduction in payment.go to prevent double-charge when caller retries with a larger buffer after receiving -5 (payErrBufferTooSmall) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 participant
No description provided.