fix(ack-pay): validate receipt payment option

[EfeDurmaz16]

Summary

• validate that a PaymentReceipt paymentOptionId exists in the verified Payment Request token
• add a dedicated InvalidPaymentReceiptError for receipt-level semantic failures
• cover mismatched receipt payment options with a regression test
• add a patch changeset for @agentcommercekit/ack-pay

Why

A receipt currently proves a paymentRequestToken and selected paymentOptionId, but verification did not bind that selected option back to the verified request. This keeps receipt proof semantics aligned with the payment options actually offered by the request.

Verification

• corepack pnpm install --frozen-lockfile
• corepack pnpm --filter @agentcommercekit/ack-pay... build
• corepack pnpm --filter @agentcommercekit/ack-pay test -- --run
• corepack pnpm --filter @agentcommercekit/ack-pay check:types
• corepack pnpm check:format
• git diff --check

Notes

Initial targeted tests/typecheck failed before building workspace dependencies because local package exports resolve to dist. Building the ack-pay dependency graph fixed that, and the rerun passed. pnpm install reported an ignored better-sqlite3 build script, but this ACK-Pay path does not use it.

AI Usage Disclosure

This contribution was AI-assisted. Initial work used Codex CLI and the Codex app; the parsed-input hardening follow-up was completed with Claude Opus. AI assistance was used for repository/docs navigation, understanding ACK/Catena context, identifying relevant issues or contribution areas, and assisting with small edits/validation. I reviewed the final diff and take responsibility for the submitted changes.

Summary by CodeRabbit

• Bug Fixes

  • Receipt verification now enforces that the receipt's selected payment option exists in the original payment request.

• Tests

  • Expanded test coverage to assert receipt validation failures when payment options mismatch.

• Chores

  • Patch release update and added an explicit error type callers can catch for invalid payment receipts.

[coderabbitai]

Walkthrough

This PR adds payment option ID validation to the receipt verification flow. A new InvalidPaymentReceiptError type is introduced, validation logic checks that the receipt's paymentOptionId exists in the verified payment request's options, test coverage confirms the validation behavior, and a changeset documents the patch release.

Changes

Payment Option Validation

Layer / File(s)	Summary
InvalidPaymentReceiptError type definition packages/ack-pay/src/errors.ts	New exported error class with default message "Invalid payment receipt" and explicit name property.
Payment option ID validation implementation packages/ack-pay/src/verify-payment-receipt.ts	Import of InvalidPaymentReceiptError and runtime check that credentialSubject.paymentOptionId exists in paymentRequest.paymentOptions; throws InvalidPaymentReceiptError when no match is found.
Test coverage for payment option ID mismatch packages/ack-pay/src/verify-payment-receipt.test.ts	Test setup refactored to use scoped issuer keypair variables; import of InvalidPaymentReceiptError; new test case constructing a receipt with unmatched paymentOptionId and asserting rejection with InvalidPaymentReceiptError.
Release documentation .changeset/validate-receipt-payment-option.md	Changeset entry specifying patch release for @agentcommercekit/ack-pay documenting the validation requirement.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(ack-pay): validate receipt payment option' directly and concisely describes the main change: adding validation that a PaymentReceipt's paymentOptionId exists in the verified Payment Request token, which is the core objective of this PR.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.changeset/validate-receipt-payment-option.md (1)

5-5: ⚡ Quick win

Consider mentioning the new error type.

The changeset describes the validation behavior but doesn't mention that a new InvalidPaymentReceiptError is exported. Users reading the changelog may want to know about new error types they can catch.

📝 Suggested enhancement

-Validate that a PaymentReceipt paymentOptionId matches an option from the verified Payment Request token.
+Validate that a PaymentReceipt paymentOptionId matches an option from the verified Payment Request token. Introduces `InvalidPaymentReceiptError` for receipt validation failures.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.changeset/validate-receipt-payment-option.md at line 5, Update the
changeset text to explicitly mention the newly exported error type so consumers
know to catch it: add a line stating that the validation will throw/export
InvalidPaymentReceiptError when a PaymentReceipt paymentOptionId does not match
the verified Payment Request token; reference the exported symbol
InvalidPaymentReceiptError and briefly note that it can be imported and used for
error handling in client code.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.changeset/validate-receipt-payment-option.md:
- Line 5: Update the changeset text to explicitly mention the newly exported
error type so consumers know to catch it: add a line stating that the validation
will throw/export InvalidPaymentReceiptError when a PaymentReceipt
paymentOptionId does not match the verified Payment Request token; reference the
exported symbol InvalidPaymentReceiptError and briefly note that it can be
imported and used for error handling in client code.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 099e3e98-0b72-400c-bc66-1a1df2aa2922

📥 Commits

Reviewing files that changed from the base of the PR and between 6f65936 and c28c1e3.

📒 Files selected for processing (4)

• .changeset/validate-receipt-payment-option.md
• packages/ack-pay/src/errors.ts
• packages/ack-pay/src/verify-payment-receipt.test.ts
• packages/ack-pay/src/verify-payment-receipt.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c28c1e307d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Derive receipt option from the signed proof

For parsed-credential inputs, this new binding check reads credentialSubject.paymentOptionId from the caller-supplied object, but verifyParsedCredential() only validates proof.jwt and then runs claim checks against the current object. If a service accepts a parsed VC, an attacker can supply a valid receipt proof whose signed payload names one option, mutate this field to an offered option before verification, and this check passes even though the signed receipt did not bind that option. Reparse or derive the receipt fields from proof.jwt (or otherwise reject mutated parsed credentials) before enforcing the payment-option match.

Useful? React with 👍 / 👎.

[EfeDurmaz16]

Addressed the changeset nit in 5a4cb46 by mentioning the exported InvalidPaymentReceiptError for explicit receipt validation handling.\n\nVerification:\n- git diff --check\n- pnpm exec oxfmt --check .changeset/validate-receipt-payment-option.md

[ak68a]

Hey @EfeDurmaz16, thanks for the burst of contributions here.

Before we dig into individual PRs, one thing: our AI Usage Policy requires disclosure of AI tooling used in contributions, including the tool and the extent of assistance. Your PRs and issues don't include any disclosure, but we'd like to confirm: were any of these written or developed with AI assistance? If so, please update the PR descriptions accordingly. We hold all contributors to this standard, ourselves included.

Appreciate the initiative and will be reviewing each PR individually.

[EfeDurmaz16]

Hey @ak68a !

Yes, I used AI assistance, mainly Codex CLI and the Codex app. The assistance was mostly for understanding ACK/Catena context, navigating docs/issues, identifying possible contribution areas, and helping draft or validate small changes. I reviewed the final diffs myself and can explain the changes and why they were made.

I should have disclosed this in the PR descriptions from the start. I’ll update the open PRs with the tooling and extent of AI assistance so they comply with the policy.

Appreciate the clarification, and thanks for taking the time to review them individually.

[ak68a]

Looks good. One note for future reference: this check runs against parsedCredential.credentialSubject, which is trustworthy when the input is a JWT string (decoded from the signed payload) but is the caller-supplied object when the input is a pre-parsed credential.

The proof verification validates the JWT inside proof, but doesn't currently enforce that the outer object matches the signed payload. Not a blocker for this PR tho.

[ak68a]

Good fix, @EfeDurmaz16. A receipt could claim any paymentOptionId and verification wouldn't catch it. The implementation is clean and minimal.

One thing I want to flag. I dug into the security question re: parsed-credential path:

For JWT inputs (the primary path), parseJwtCredential() decodes from the signed payload, so parsedCredential.credentialSubject.paymentOptionId reflects the signed data.

For pre-parsed credential inputs, verifyParsedCredential() validates proof.jwt, but the new binding check reads from the outer parsedCredential object and not from the signed JWT payload directly.

In theory, a caller could supply a valid receipt proof whose signed payload names one option but mutate the outer object to name another.

That said, this is a pre-existing trust assumption in the VC verification pipeline, not something introduced by your PR. Your change is strictly better than having no check at all. We can open a separate issue to track tightening the parsed-credential binding in verifyParsedCredential itself.

[EfeDurmaz16]

Thanks for digging into that path.

Agreed, this sounds like a separate pre-existing trust boundary in the parsed credential verification flow rather than something this PR should expand into. I will keep this PR scoped to binding the receipt paymentOptionId against the verified payment request options.

I opened a focused follow-up issue for tightening verifyParsedCredential() so the outer parsed credential fields are bound back to the signed JWT payload: #105

[venables]

@EfeDurmaz16 — there are two open inline review threads on packages/ack-pay/src/verify-payment-receipt.ts (lines 120 and 124), both raising the same point: the new paymentOptionId binding check reads from parsedCredential.credentialSubject, which is trustworthy when the input is a JWT string (decoded from the signed payload) but is caller-supplied when the input is a pre-parsed credential. The same applies to the existing paymentRequestToken read on that object, so it may be pre-existing rather than something this PR introduces.

What are your thoughts on these two comments? Do you see it as in-scope to address here (e.g. deriving the option from the signed proof), or better tracked as separate follow-up? The comments have no replies, so I'm curious what your take is.

[EfeDurmaz16]

Thanks @venables — I went through the full path and I agree with both threads.

Mechanism: on the JWT-string input path, parseJwtCredential returns the credential reconstructed from the signed payload (verifyCredential().verifiableCredential), so paymentOptionId / paymentRequestToken / issuer are all trustworthy. On the parsed-credential path, verifyParsedCredential → verifyProof only verifies that proof.jwt is a validly-signed credential and then discards the decoded payload — every later check (claims, expiry, revocation, trusted-issuer) runs against the caller-supplied outer object. So a caller can attach any valid proof.jwt and set credentialSubject.paymentOptionId freely, and the binding check reads the spoofable field.

Scope: this is pre-existing rather than introduced here — the paymentRequestToken read just above has the identical exposure, and the trustedReceiptIssuers check compares the equally-caller-supplied outer issuer.id on this path. The new option-binding check inherits that trust model; on the JWT-string path (the documented usage) it does exactly what it should.

What I changed here: rather than leave the parsed path bypassable, I added a localized hardening — when the input is a parsed credential with a JWT proof, the receipt is now re-derived from proof.jwt (via the already-exported parseJwtCredential) before the paymentOptionId / paymentRequestToken reads, so they come from the signed payload. Added a regression test that a parsed credential whose outer credentialSubject.paymentOptionId is mutated to a valid option — while its signed proof names an option absent from the request — is now rejected (it fails without the change, passes with it). No public API change.

Still recommend a follow-up: the general fix belongs in @agentcommercekit/vc — after verifyProof validates proof.jwt, the credential fields should be derived from / reconciled against the decoded payload for every credential type (the trustedIssuers / claim checks share the same gap). That changes verification semantics library-wide, so I'd keep it as its own PR with dedicated tests rather than expand this one. Happy to open that issue and take it on.

Verification:

• pnpm --filter @agentcommercekit/ack-pay test -- --run (34 passing, incl. the new regression test)
• pnpm --filter @agentcommercekit/ack-pay check:types
• pnpm exec oxfmt --check / oxlint clean

[EfeDurmaz16]

General vc fix tracked as a follow-up in #108.