Skip to content

fix(spend): unblock SpendRecord persist + clean tool result (solders typing tighten)#21

Merged
Germey merged 2 commits into
mainfrom
fix/confirm-signature-type
May 10, 2026
Merged

fix(spend): unblock SpendRecord persist + clean tool result (solders typing tighten)#21
Germey merged 2 commits into
mainfrom
fix/confirm-signature-type

Conversation

@acedatacloud-dev
Copy link
Copy Markdown
Member

@acedatacloud-dev acedatacloud-dev commented May 10, 2026

Summary

Two bugs in _confirm() (the post-send_raw_transaction confirmation
loop in api/core/spend_executor.py) caused every successful on-chain
spend to fall over before persisting the SpendRecord and returning a
result to the MCP caller. The chain side was actually fine — both bugs
hit after send_raw_transaction returned a tx signature, so USDC
moved on-chain but the DB never saw it, the agent saw a tool exception
error, and the next spend attempt would fail with NonceReplay because
the in-DB nonce counter never advanced past the on-chain last_nonce.

Two bugs, both modern-solders typing tightening

Bug 1 — Signature not str

status = await rpc.get_signature_statuses([signature])
# TypeError: argument 'signatures': 'str' object cannot be converted to 'Signature'

solana-py >= 0.34 / solders no longer accepts the base58 string here,
needs an actual Signature object.

Fix: wrap on entry: Signature.from_string(signature).

Bug 2 — TransactionConfirmationStatus enum not hashable

if s.confirmation_status in {"confirmed", "finalized"}:
# TypeError: unhashable type: 'solders.transaction_status.TransactionConfirmationStatus'

The enum value can't be looked up in a set of strings, even when its
string repr matches. (Older solders returned a plain string here, which
silently worked.)

Fix: coerce to lowercase short-name string before membership check:
str(s.confirmation_status).lower().rsplit(".", 1)[-1] — works against
both TransactionConfirmationStatus.Finalized (enum) and "finalized"
(plain string from older versions).

Live verification

Three real on-chain spends from devnet vault
9d36b255-0efd-4b12-9d74-304cdc0c0e0d (allow only api.acedata.cloud,
1 USDC daily, 0.1 USDC per-call):

try tx result before fix after fix
1 2gPpot9G...Yyf6aE tool exception (Bug 1), but USDC moved 4.00 → 3.99 n/a
2 (different sig) tool exception (Bug 2), USDC 3.99 → 3.98 n/a
3 249u8Pion...3y3D n/a clean isError: false, returns tx + nonce + Solscan, USDC 3.98 → 3.97

After the fix, aceguard_history shows the spend, aceguard_balance
returns balance_usdc=3.97 spent_today_usdc=0.02 daily_remaining_usdc=0.98,
and the on-chain vault ATA balance matches the DB exactly.

The first two spends are real on-chain transfers that recorded nonce=1
and nonce=2 in the program's Policy account but didn't persist a
SpendRecord — that's an operational issue, not a code bug, and is out
of scope here. Future work could add a _confirm outer try/except that
inserts a SpendRecord even if the post-confirm path explodes, so the
chain and DB never diverge again.

Verification

  • uvx ruff check api/core/spend_executor.py — clean
  • Live E2E against https://x402guard.acedata.cloud/mcp/<TOKEN>
    third spend returned cleanly with finalized tx + Solscan URL
  • aceguard_history now lists the spend with full metadata
  • aceguard_balance daily counter ticked up correctly

Pairs with #18 (scheme:"exact") and #19 (CLI demo + README rewrite)
to make the full chain MCP -> aceguard_spend -> on-chain Anchor program -> SpendRecord persisted -> tool result returned work end-to-end on
the live x402guard.acedata.cloud devnet instance.

acedata-bot added 2 commits May 10, 2026 02:53
fix(spend): wrap signature in solders Signature before get_signature_…
8cc86f8 
…statuses

`solana-py >= 0.34` / `solders` strictly types `get_signature_statuses(...)` —
it now rejects a `List[str]` with `TypeError: argument signatures: str object
cannot be converted to Signature`. The on-chain spend itself succeeds
(send_raw_transaction returns a finalized tx), but the post-send confirm
loop blew up trying to convert the signature, so the SpendRecord never
got persisted in Postgres and the MCP tool returned an error to the
caller despite the chain having moved USDC.

Verified live against the production devnet endpoint (vault
9d36b255-..., tx
2gPpot9Gcx7wPQ6u7uiqyLEjCrEmtLd7HqPooE4qsarmseTuuxMm35AfYovi5cZ8qFGGjgBvtH1E2WWLo1Yyf6aE):

    "TypeError(\"argument signatures: str object cannot be converted to Signature\")"

Wrap on entry to `_confirm` with `Signature.from_string(signature)`. Caller
contract unchanged (still passes a `str`).
fix(spend): coerce confirmation_status enum to str before set membership
3439f00 
`solders.transaction_status.TransactionConfirmationStatus` is not hashable,
so `s.confirmation_status in {"confirmed","finalized"}` raises TypeError.
The on-chain spend already landed by the time we hit this; the bug only
prevents the SpendRecord from being persisted and a successful response
from being returned to the caller.

Verified live with the second devnet spend, vault balance 3.99 -> 3.98:
the chain side is fine, only the post-confirm path was busted.

Coerce via `str(s.confirmation_status).lower().rsplit(".", 1)[-1]` so it
works against both enum values like
TransactionConfirmationStatus.Finalized and plain strings (older solders).
@Germey Germey merged commit 11869f8 into main May 10, 2026
2 checks passed
acedatacloud-dev added a commit that referenced this pull request May 10, 2026
@acedatacloud-dev
docs(readme): customer-facing 60-second verification recipe + honest …
b63e8f6 
…pay_for_api caveat (#22)

Adds a "Live on devnet" badge + a quoted callout near the top with the
real 2026-05-10 verification result (3 spends, vault 4.00 -> 3.97 USDC,
finalized tx 249u8Pion...3y3D on Solscan). The customer who reported
"MCP could not be loaded" can now skim the top of the README, click the
Solscan link to confirm the on-chain side is live, and run the curl /
demo recipe to confirm their own MCP URL is healthy without any Claude
/ Cursor / SDK plumbing.

Concrete changes:
- "60-second verification" section near the top: 3 steps, all `curl` +
  `python scripts/demo.py`. End-state explicitly: "If steps 1-2 work,
  any `MCP could not be loaded` you see in Claude Desktop is a
  client-side problem".
- Spelled out the `aceguard_spend` request/response shape with a real
  finalized tx as the canonical example. Added the
  `recipient ATA must exist on devnet` pre-req inline (Anchor 3012),
  with the one-line `spl-token create-account` command to satisfy it.
- Pivoted Step 5 of the walkthrough from `pay_for_api` to
  `aceguard_spend`. Reason: api.acedata.cloud issues mainnet x402
  quotes (`EPjFWdd5...` mint, `5iVXFr...` payTo); the production
  x402guard deploy is on devnet, so the recipient ATA the on-chain
  program expects does not exist on this cluster. This is *expected*
  per .plans/X402GUARD.md and called out clearly so customers do not
  burn an afternoon trying to make that path work pre-mainnet flip.
- Updated Step 6 (boundary-in-action prompts) to use `aceguard_spend`
  invocations that map to actual Anchor errors today, instead of the
  pre-existing `pay_for_api` examples that no longer fire.

Pairs with #18 / #19 / #20 / #21. The mainnet flip stays the V2 step
.plans/X402GUARD.md already calls out (#11 / "Why devnet, not mainnet").

Co-authored-by: acedata-bot <bot@acedata.cloud>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Germey Germey Germey approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@acedatacloud-dev @Germey