feat: add Stellar chain support with Soroban auth signing and x402 payments #198
oceans404 wants to merge 6 commits into open-wallet-standard:main from
- ChainType::Stellar with Ed25519 curve, coin type 148, SEP-0005 derivation (m/44'/148'/{index}')
- StellarSigner with network-aware passphrase dispatch (pubnet, testnet, futurenet)
- Full signing pipeline: XDR envelope parsing, TransactionSignaturePayload construction, DecoratedSignature assembly via stellar-xdr
- SEP-53 message signing
- Soroban JSON-RPC broadcasting with enriched error messages (stellar_errors.rs)
- Backward-compatible signer_for_chain_type(ChainType) wrapper
- Pre-wired MoonPay funding + dynamic find_account_for_chain fix
- Updated docs, skills, website-docs, and README for 10 supported chains
Implement end-to-end x402 payments on Stellar (Soroban) alongside the existing EVM path. The client now builds a Soroban transfer transaction, simulates it, signs the auth entries, and sends the assembled XDR to the facilitator for settlement.
Key changes:
- ows-pay: Stellar exact payment flow (simulate, sign auth, assemble tx, double-simulate for accurate fees)
- ows-signer: ed25519 signing for Soroban authorization preimages
- ows-cli: --network flag on `pay request` to select a specific chain when the server offers multiple payment options
- Fix ledger close time estimate (5s -> 6s) to prevent facilitator rejection of signature expiration on Stellar
Tested against anypay-test server with x402.org facilitator on both Base Sepolia (eip155:84532) and Stellar testnet.
Same fix as the PR (open-wallet-standard#197), applied on top of the Stellar support commits on main.
Fixes open-wallet-standard#196
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds sign_inner_authorizations to the ChainSigner trait so that ows sign send-tx transparently signs Soroban authorization entries inside Stellar transaction envelopes. This enables agents to call arbitrary Soroban contracts through OWS without chain-specific CLI commands — just pass a pre-simulated envelope and OWS handles both the inner auth signing and outer envelope signing.
- New trait method with default no-op (zero impact on other chains)
- StellarSigner override: detects InvokeHostFunction ops, signs matching auth entries, skips others/already-signed/contracts
- Shared helpers in soroban_auth module (preimage + signature formatting)
- Fix pre-existing test_sign_soroban_auth_equivalence test bug
- 13 new tests covering all edge cases + security scenarios
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit b143241.
| ChainType::Sui, | ||
| ChainType::Xrpl, | ||
| ChainType::Nano, | ||
| ChainType::Stellar, |
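Review bot: the `ChainType::Stellar,` entry is appended to a hard-coded list, and nothing in the shown lines guards the list's contents. A unit test that asserts the exact set of variants in this list would catch an unintended addition or omission the next time a chain is added.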
Spark accidentally added to ALL_CHAIN_TYPES array
High Severity
ChainType::Spark was added to ALL_CHAIN_TYPES alongside Stellar, but the PR only intends to add Stellar support. Previously, ALL_CHAIN_TYPES had 10 entries (without Spark); now it has 12. Since derive_all_accounts iterates over ALL_CHAIN_TYPES to create wallet addresses, every wallet creation will now produce an extra Spark account. Spark shares Bitcoin's derivation path (m/84'/0'/0'/0/0), so this creates a redundant account from the same key material. The documentation was updated from "9" to "10" accounts (not 12), confirming only Stellar was intended.
Bugbot Autofix determined this is a false positive.
ALL_CHAIN_TYPES currently contains 10 entries and does not include ChainType::Spark, so the reported regression is not present.
| "expected account ledger entry", | ||
| )), | ||
| } | ||
| } |
Unused function soroban_rpc_get_account is dead code
Low Severity
The soroban_rpc_get_account function is defined but never called anywhere in the codebase. It appears to have been written for sequence number fetching but the build_stellar_exact flow uses a null source account with sequence 0 instead. This is ~80 lines of dead code that will produce a compiler warning.
Bugbot Autofix determined this is a false positive.
There is no soroban_rpc_get_account definition in the current codebase, so this dead-code warning does not apply.


Summary
Adds full Stellar support to OWS: wallet creation (G-address derivation), message signing (SEP-53), transaction signing, Soroban smart contract authorization, x402 USDC payments on Stellar, and pre-wired MoonPay funding.
- `m/44'/148'/{index}'` derivation, three networks (pubnet, testnet, futurenet)
- `sign_inner_authorizations` trait method on `ChainSigner` with default no-op (zero impact on other chains). Stellar override transparently detects `InvokeHostFunction` ops and signs matching auth entries inside transaction envelopes
- `invokeHostFunction` calling `transfer(from, to, amount)` on USDC contract, with simulation, auth signing, and fee estimation
- `soroban_auth` module with `build_auth_preimage_xdr` and `format_auth_signature` for reuse
- `stellar` added to `MOONPAY_CHAINS`; will work with zero code changes when MoonPay Agents API adds Stellar
- `extensions.bazaar` for Bazaar discovery indexing

Stellar on OWS

Supported Networks
stellar:pubnet | stellar | Public Global Stellar Network ; September 2015
stellar:testnet | stellar-testnet | Test SDF Network ; September 2015
stellar:futurenet | stellar-futurenet | Test SDF Future Network ; October 2022

CLI Usage

How Soroban Auth Signing Works
When `sign send-tx` receives a transaction containing `InvokeHostFunction`:
- `SorobanAuthorizationEntry` with `Address` credentials matching the wallet's pubkey and unsigned (`Void`) signature:
  - `HashIdPreimage::SorobanAuthorization(network ID, nonce, expiration, invocation)`
  - `ScVal::Vec([ScVal::Map({public_key, signature})])` (standard `__check_auth` format)
- `SourceAccount` credentials
This is transparent — no Soroban-specific CLI flags needed. The caller builds and simulates the transaction externally, passes the envelope to OWS.

x402 Payment Flow on Stellar
`ows pay request` handles Stellar x402 payments end-to-end:
- `InvokeHostFunction` tx calling `transfer(from, to, amount)` on the USDC contract

Architecture
ows-core
ows-signer | `StellarSigner`, `soroban_auth` helpers, `sign_inner_authorizations`
ows-lib | `sign_and_send` pipeline, `sign_stellar_auth_entry`, policy enforcement
ows-pay | `WalletAccess`

Design Decisions
- `sign_inner_authorizations` is a trait method with default no-op — only Stellar overrides it; all other chains are unaffected
- `ows-signer/soroban_auth` — used by `sign_inner_authorizations`; x402 keeps its own inline copy to avoid adding `ows-signer` as a dependency of `ows-pay`
- `ows fund deposit --chain stellar` returns MoonPay's 400 today but will work with zero changes when they add Stellar to the Agents API

Test plan
- `cargo check` passes cleanly
- `cargo test -p ows-signer` — 291 passed, 0 failed (13 new `sign_inner_authorizations` tests + 2 `soroban_auth` tests + fixed pre-existing `test_sign_soroban_auth_equivalence`)
- `cargo test -p ows-lib` — 148 passed, 0 failed
- `sign_inner_authorizations` unchanged
- `ows sign send-tx --chain stellar-testnet` with a real Soroban envelope
- `ows pay request` against an x402 endpoint accepting Stellar USDC

🤖 Generated with Claude Code
Note
High Risk
High risk: introduces a new chain family (Stellar) and modifies core signing/broadcast and payment flows, including inner-authorization signing and new network/RPC handling.
Overview
Stellar is now a supported chain family across the CLI, core registry, and docs (CAIP-2 `stellar:*`, BIP-44 coin type `148`, derivation path `m/44'/148'/0'`, and default RPC endpoints for testnet/futurenet).
Core signing flow is extended to support chain-specific inner authorization signing via `ChainSigner::sign_inner_authorizations` (default no-op), and the main sign→encode→broadcast pipeline now invokes this hook before signing the outer transaction; Stellar broadcasting is added using Soroban RPC JSON-RPC `sendTransaction` with base64-encoded XDR plus improved error enrichment.
x402 payments gain Stellar support: `ows-pay` can now build/simulate Soroban USDC `transfer` transactions, sign Soroban auth preimages via a new `WalletAccess::sign_stellar_auth` hook, re-simulate for accurate fees, and forward `extensions` in x402 v2 payloads; the CLI adds a `--network` override for payment requests and MoonPay funding adds `stellar` as a target chain.
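The entry-selection rule described under "How Soroban Auth Signing Works" (sign only unsigned `Address` credentials for the wallet's own key; skip `SourceAccount`, contract addresses, other signers and already-signed entries), as an added example that is not code from this PR. The enums are simplified stand-ins for the stellar-xdr types, and `classify`, `sign_matching` and the `sign` closure (a placeholder for the Ed25519 signature over the auth preimage) are hypothetical names.

```rust
// Simplified stand-ins for the stellar-xdr types named in the PR description
// (hypothetical shapes, not the crate's real definitions).
#[derive(Clone, Debug, PartialEq)]
enum ScAddress { Account([u8; 32]), Contract([u8; 32]) }
#[derive(Clone, Debug, PartialEq)]
enum ScVal { Void, Bytes(Vec<u8>) }
#[derive(Clone, Debug, PartialEq)]
enum Credentials {
    SourceAccount,
    Address { address: ScAddress, nonce: i64, signature: ScVal },
}
#[derive(Debug, PartialEq)]
enum Decision { Sign, SkipSourceAccount, SkipContract, SkipOtherSigner, SkipAlreadySigned }

/// Decide whether the wallet may sign one auth entry's credentials.
fn classify(creds: &Credentials, wallet: &[u8; 32]) -> Decision {
    match creds {
        Credentials::SourceAccount => Decision::SkipSourceAccount,
        Credentials::Address { address: ScAddress::Contract(_), .. } => Decision::SkipContract,
        Credentials::Address { address: ScAddress::Account(pk), signature, .. } => {
            if pk != wallet { Decision::SkipOtherSigner }
            else if *signature != ScVal::Void { Decision::SkipAlreadySigned }
            else { Decision::Sign }
        }
    }
}

/// Fill in a signature only where `classify` returns Sign; returns the number signed.
fn sign_matching(entries: &mut [Credentials], wallet: &[u8; 32], sign: impl Fn(i64) -> Vec<u8>) -> usize {
    let mut signed = 0;
    for e in entries.iter_mut() {
        if classify(e, wallet) != Decision::Sign { continue; }
        if let Credentials::Address { nonce, signature, .. } = e {
            *signature = ScVal::Bytes(sign(*nonce)); // placeholder signature bytes
            signed += 1;
        }
    }
    signed
}

fn main() {
    let wallet = [7u8; 32]; // constructed key bytes, not a real account
    let mut entries = vec![
        Credentials::SourceAccount,
        Credentials::Address { address: ScAddress::Account(wallet), nonce: 1, signature: ScVal::Void },
        Credentials::Address { address: ScAddress::Account([9; 32]), nonce: 2, signature: ScVal::Void },
    ];
    let n = sign_matching(&mut entries, &wallet, |nonce| nonce.to_be_bytes().to_vec());
    println!("signed {} of {} entries", n, entries.len());
}
```

Running the selection a second time over the same entries signs nothing, because the entry signed in the first pass no longer carries a `Void` signature.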