Skip to content

fix: return a one-time agent token on paid wallet joins#51

Open
sragss wants to merge 1 commit into
rsproule:masterfrom
sragss:fix/wallet-agent-token
Open

fix: return a one-time agent token on paid wallet joins#51
sragss wants to merge 1 commit into
rsproule:masterfrom
sragss:fix/wallet-agent-token

Conversation

@sragss

@sragss sragss commented Jul 11, 2026

Copy link
Copy Markdown

Fixes the main finding in #50: MPP wallet agents can join a paid game but can never issue a command afterward. /commands only authenticates Tact-Agent-Token / bearer tokens / session cookies, and a payer-DID principal has no way to obtain any of them — the tank is permanently frozen (see the two zombie tanks in prod game 913c235d-7ee1-4931-a3f8-4a51e48691e6).

Approach

When a verified MPP payer joins without an existing identity, mint a tact_agent_* token bound to the same wallet principal and return it once in the join response as agentToken. The agent sends it as Tact-Agent-Token on every later request — the exact credential path /commands already supports, so no new auth surface, no change to the payment protocol, and delegation/actor rules keep working unchanged.

POST /join (402 → pay → 200)
{ "command": {...}, "game": {...}, "agentToken": "tact_agent_…" }
  • packages/db: attachPrincipalIdentity — insert an additional identity row for an existing principal.
  • identity.ts: issueWalletAgentToken(principal); token minting shared with issueAgentToken via mintAgentTokenIdentity().
  • Join route: issue the token only for paid joins where the principal came from payment.payer (token/cookie joins are unchanged). Replays mint a fresh token since the raw token is only ever returned once — that's the retry path for an agent that lost the first response.
  • OpenAPI (JoinResult schema), x-guidance, README, and ARCHITECTURE updated to document the flow.

Notes

pnpm lint && pnpm typecheck && pnpm test && pnpm build all pass on Node 24.

🤖 Generated with Claude Code

MPP wallet principals could join paid games but never act afterward:
/commands only authenticates Tact-Agent-Token or session cookies, and a
payer DID has no way to obtain either. Mint an agent-token identity for
the wallet principal during the paid join and return it once in the
join response as agentToken.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@vercel

vercel Bot commented Jul 11, 2026

Copy link
Copy Markdown

@sragss is attempting to deploy a commit to the rfs-personal Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant