[Release] Hotfix - OpenRouter auto negative pricing

.github/workflows/provider-smoke-tests.yml

@@ -0,0 +1,69 @@
+name: Provider Smoke Tests
+
+on:
+  push:
+    branches: [master]
+    paths:
+      - 'packages/tests/provider-smoke/**'
+      - 'packages/sdk/ts/**'
+      - 'packages/app/server/**'
+      - 'packages/app/control/**'
+      - '.github/workflows/provider-smoke-tests.yml'
+
+jobs:
+  provider-smoke-tests:
+    name: Run Provider Smoke Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 40
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install pnpm
+        run: npm install -g pnpm
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+
+      - name: Install workspace dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Wait for Railway Deployment
+        env:
+          RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}
+        run: |
+          echo "Installing Railway CLI..."
+          npm install -g @railway/cli
+
+          echo "Waiting for Railway deployment to complete..."
+          railway status --service echo --environment staging || echo "Service status check failed, continuing..."
+
+          echo "Waiting for deployment to be ready..."
+          max_attempts=90
+          attempt=0
+          while [ $attempt -lt $max_attempts ]; do
+            if curl -f -s -o /dev/null https://echo-staging.up.railway.app/health 2>/dev/null; then
+              echo "Deployment is ready!"
+              break
+            fi
+            attempt=$((attempt + 1))
+            echo "Attempt $attempt/$max_attempts: Deployment not ready yet, waiting 10 seconds..."
+            sleep 10
+          done
+
+          if [ $attempt -eq $max_attempts ]; then
+            echo "Deployment did not become ready in time (waited 15 minutes)"
+            exit 1
+          fi
+
+      - name: Run Provider Smoke Tests
+        working-directory: ./packages/tests/provider-smoke
+        env:
+          ECHO_DATA_SERVER_URL: https://echo-staging.up.railway.app/
+          ECHO_API_KEY: ${{ secrets.ECHO_API_KEY }}
+          ECHO_APP_ID: a4e9b928-cac0-4952-9b4e-3be01aaff45b
+        run: pnpm run test

Dockerfile.railway

@@ -91,6 +91,10 @@ COPY packages/sdk/component-registry/ ./packages/sdk/component-registry/
 WORKDIR /app
 RUN pnpm install
 
+# Build SDK first to ensure latest version is used
+WORKDIR /app
+RUN pnpm exec turbo run build --filter=@merit-systems/echo-typescript-sdk
+
 # Build only what's needed for the server
 WORKDIR /app
 RUN SKIP_ENV_VALIDATION=true pnpm exec turbo run build --filter=echo-server
@@ -103,7 +107,7 @@ WORKDIR /app/packages/app/server
 RUN pnpm run copy-prisma
 
 # Step 4: Install production dependencies only
-RUN pnpm install
+RUN pnpm install --prod
 
 # Expose the port that echo-server runs on
 EXPOSE 3069

packages/app/server/package.json

@@ -43,6 +43,7 @@
   "dependencies": {
     "@coinbase/cdp-sdk": "^1.34.0",
     "@coinbase/x402": "^0.6.5",
+    "@e2b/code-interpreter": "^2.0.1",
     "@google-cloud/storage": "^7.17.1",
     "@google/genai": "^1.20.0",
     "@merit-systems/echo-typescript-sdk": "workspace:*",

packages/app/server/src/handlers.ts

@@ -23,34 +23,45 @@ import {
 } from 'services/facilitator/x402-types';
 import { Decimal } from '@prisma/client/runtime/library';
 import logger from 'logger';
+import { Request, Response } from 'express';
 
-export async function handleX402Request({
-  req,
-  res,
-  headers,
-  maxCost,
-  isPassthroughProxyRoute,
-  provider,
-  isStream,
-}: X402HandlerInput) {
-  if (isPassthroughProxyRoute) {
-    return await makeProxyPassthroughRequest(req, res, provider, headers);
+export async function refund(
+  paymentAmountDecimal: Decimal,
+  payload: ExactEvmPayload
+) {
+  try {
+  const refundAmountUsdcBigInt = decimalToUsdcBigInt(paymentAmountDecimal);
+    const authPayload = payload.authorization;
+    await transfer(authPayload.from as `0x${string}`, refundAmountUsdcBigInt);
+  } catch (error) {
+    logger.error('Failed to refund', error);
   }
+}
 
-  // Apply x402 payment middleware with the calculated maxCost
+export async function settle(
+  req: Request,
+  res: Response,
+  headers: Record<string, string>,
+  maxCost: Decimal
+): Promise<
+  { payload: ExactEvmPayload; paymentAmountDecimal: Decimal } | undefined
+> {
   const network = process.env.NETWORK as Network;
 
   let recipient: string;
   try {
     recipient = (await getSmartAccount()).smartAccount.address;
   } catch (error) {
-    return buildX402Response(req, res, maxCost);
+    buildX402Response(req, res, maxCost);
+    return undefined;
   }
+
   let xPaymentData: PaymentPayload;
   try {
     xPaymentData = validateXPaymentHeader(headers, req);
   } catch (error) {
-    return buildX402Response(req, res, maxCost);
+    buildX402Response(req, res, maxCost);
+    return undefined;
   }
 
   const payload = xPaymentData.payload as ExactEvmPayload;
@@ -62,100 +73,101 @@ export async function handleX402Request({
   // Note(shafu, alvaro): Edge case where client sends the x402-challenge
   // but the payment amount is less than what we returned in the first response
   if (BigInt(paymentAmount) < decimalToUsdcBigInt(maxCost)) {
-    return buildX402Response(req, res, maxCost);
+    buildX402Response(req, res, maxCost);
+    return undefined;
   }
 
   const facilitatorClient = new FacilitatorClient();
+  const paymentRequirements = PaymentRequirementsSchema.parse({
+    scheme: 'exact',
+    network,
+    maxAmountRequired: paymentAmount,
+    resource: `${req.protocol}://${req.get('host')}${req.url}`,
+    description: 'Echo x402',
+    mimeType: 'application/json',
+    payTo: recipient,
+    maxTimeoutSeconds: 60,
+    asset: USDC_ADDRESS,
+    extra: {
+      name: 'USD Coin',
+      version: '2',
+    },
+  });
+
+  const settleRequest = SettleRequestSchema.parse({
+    paymentPayload: xPaymentData,
+    paymentRequirements,
+  });
+
+  const settleResult = await facilitatorClient.settle(settleRequest);
+
+  if (!settleResult.success || !settleResult.transaction) {
+    buildX402Response(req, res, maxCost);
+    return undefined;
+  }
+
+  return { payload, paymentAmountDecimal };
+}
+
+export async function finalize(
+  paymentAmountDecimal: Decimal,
+  transaction: Transaction,
+  payload: ExactEvmPayload
+) {
+  const refundAmount = calculateRefundAmount(
+    paymentAmountDecimal,
+    transaction.rawTransactionCost
+  );
+
+  if (!refundAmount.equals(0) && refundAmount.greaterThan(0)) {
+    const refundAmountUsdcBigInt = decimalToUsdcBigInt(refundAmount);
+    const authPayload = payload.authorization;
+    await transfer(authPayload.from as `0x${string}`, refundAmountUsdcBigInt);
+  }
+}
+
+export async function handleX402Request({
+  req,
+  res,
+  headers,
+  maxCost,
+  isPassthroughProxyRoute,
+  provider,
+  isStream,
+}: X402HandlerInput) {
+  if (isPassthroughProxyRoute) {
+    return await makeProxyPassthroughRequest(req, res, provider, headers);
+  }
+
+  const settleResult = await settle(req, res, headers, maxCost);
+  if (!settleResult) {
+    return;
+  }
+
+  const { payload, paymentAmountDecimal } = settleResult;
+
   try {
-    // Default to no refund
-    let refundAmount = new Decimal(0);
-    let transaction: Transaction | null = null;
-    let data: unknown = null;
-
-    // Construct and validate PaymentRequirements using Zod schema
-    const paymentRequirements = PaymentRequirementsSchema.parse({
-      scheme: 'exact',
-      network,
-      maxAmountRequired: paymentAmount,
-      resource: `${req.protocol}://${req.get('host')}${req.url}`,
-      description: 'Echo x402',
-      mimeType: 'application/json',
-      payTo: recipient,
-      maxTimeoutSeconds: 60,
-      asset: USDC_ADDRESS,
-      extra: {
-        name: 'USD Coin',
-        version: '2',
-      },
-    });
-    // Validate and execute settle request
-    const settleRequest = SettleRequestSchema.parse({
-      paymentPayload: xPaymentData,
-      paymentRequirements,
-    });
-
-    const settleResult = await facilitatorClient.settle(settleRequest);
-
-    if (!settleResult.success || !settleResult.transaction) {
-      return buildX402Response(req, res, maxCost);
-    }
-
-    try {
-      const transactionResult = await modelRequestService.executeModelRequest(
-        req,
-        res,
-        headers,
-        provider,
-        isStream
-      );
-      transaction = transactionResult.transaction;
-      data = transactionResult.data;
-
-      // Send the response - the middleware has intercepted res.end()/res.json()
-      // and will actually send it after settlement completes
-      modelRequestService.handleResolveResponse(res, isStream, data);
-
-      refundAmount = calculateRefundAmount(
-        paymentAmountDecimal,
-        transaction.rawTransactionCost
-      );
-
-      // Process refund if needed
-      if (!refundAmount.equals(0) && refundAmount.greaterThan(0)) {
-        const refundAmountUsdcBigInt = decimalToUsdcBigInt(refundAmount);
-        const authPayload = payload.authorization;
-        await transfer(
-          authPayload.from as `0x${string}`,
-          refundAmountUsdcBigInt
-        ).catch(transferError => {
-          logger.error('Failed to process refund', {
-            error: transferError,
-            refundAmount: refundAmount.toString(),
-          });
-        });
-      }
-    } catch (error) {
-      // In case of error, do full refund
-      refundAmount = paymentAmountDecimal;
-
-      if (!refundAmount.equals(0) && refundAmount.greaterThan(0)) {
-        const refundAmountUsdcBigInt = decimalToUsdcBigInt(refundAmount);
-        const authPayload = payload.authorization;
-        await transfer(
-          authPayload.from as `0x${string}`,
-          refundAmountUsdcBigInt
-        ).catch(transferError => {
-          logger.error('Failed to process full refund after error', {
-            error: transferError,
-            originalError: error,
-            refundAmount: refundAmount.toString(),
-          });
-        });
-      }
-    }
+    const transactionResult = await modelRequestService.executeModelRequest(
+      req,
+      res,
+      headers,
+      provider,
+      isStream
+    );
+
+    modelRequestService.handleResolveResponse(
+      res,
+      isStream,
+      transactionResult.data
+    );
+
+    await finalize(
+      paymentAmountDecimal,
+      transactionResult.transaction,
+      payload
+    );
   } catch (error) {
-    logger.error('Error in handleX402Request', { error });
-    throw error;
+    await refund(paymentAmountDecimal, payload);
   }
 }
 

packages/app/server/src/middleware/transaction-escrow-middleware.ts

@@ -197,10 +197,10 @@ export class TransactionEscrowMiddleware {
     userId: string,
     echoAppId: string,
     requestId: string,
-    cleanupExecuted: boolean
+    cleanupState: { executed: boolean }
   ) => {
-    if (cleanupExecuted) return;
-    cleanupExecuted = true;
+    if (cleanupState.executed) return;
+    cleanupState.executed = true;
 
     // decrementInFlightRequests now handles its own errors gracefully
     await this.decrementInFlightRequests(userId, echoAppId);
@@ -215,21 +215,23 @@ export class TransactionEscrowMiddleware {
     echoAppId: string,
     requestId: string
   ) {
-    let cleanupExecuted = false;
+    // Use object to share state by reference across multiple event handlers
+    // This prevents duplicate cleanup execution when multiple events fire
+    const cleanupState = { executed: false };
 
     // Cleanup on response finish (normal case)
     res.on('finish', () =>
-      this.executeCleanup(userId, echoAppId, requestId, cleanupExecuted)
+      this.executeCleanup(userId, echoAppId, requestId, cleanupState)
     );
 
     // Cleanup on response close (client disconnect)
     res.on('close', () =>
-      this.executeCleanup(userId, echoAppId, requestId, cleanupExecuted)
+      this.executeCleanup(userId, echoAppId, requestId, cleanupState)
     );
 
     // Cleanup on error (if response errors out)
     res.on('error', () =>
-      this.executeCleanup(userId, echoAppId, requestId, cleanupExecuted)
+      this.executeCleanup(userId, echoAppId, requestId, cleanupState)
     );
   }