x402 icon indicating copy to clipboard operation
x402 copied to clipboard
Published 1 month ago verified publisher icon coinbase

fix(python): use bytes for nonce internally

Open SgtPooki opened this issue 2 months ago • 2 comments

Description

This bug was seen while working with chaoschain. The problem was that the nonce was being stored as bytes in the payment header, but the sign_payment_header() function expected it to be a hex string. This caused the bytes.fromhex() function to fail.

The existing tests for exact.py were manually converting the nonce to a hex string before signing, which was masking the problem.

ChaosChain SDK uses the x402 library by preparing the payment header, and then signing it immediately with no intermediary steps. I believe this is the main way most users will use the library, which is why I'm submitting this PR.

Standardized on bytes throughout the internal API:

  • prepare_payment_header() continues to store nonces as bytes (natural format)
  • sign_payment_header() now expects and uses bytes directly
  • Conversion to hex string only happens for JSON serialization in encode_payment()
  • Better types for the PaymentHeader instead of Dict[str, Any]
  • updates uv.lock file (I didn't make any dep changes.. can remove this change if you need me to)

No existing issues nor PRs were found in the github repo.

Tests

Tested various ways by either passing through hex strings or bytes, or accepting both inside sign_payment_header which felt wrong.

Some testing artifacts can be seen at https://gist.github.com/SgtPooki/6dafe4828509534256f624fa56f81e8b, but the primary testing focused on removing workarounds from existing tests, and adding some assertions

Checklist

  • [x] I have formatted and linted my code
  • [x] All new and existing tests pass
  • [x] My commits are signed (required for merge) -- you may need to rebase if you initially pushed unsigned commits

SgtPooki avatar Oct 21 '25 21:10 SgtPooki

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

cb-heimdall avatar Oct 21 '25 21:10 cb-heimdall

@SgtPooki is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] avatar Oct 21 '25 21:10 vercel[bot]