Add service job provider runtime #9
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit 6eccf1e. Configure here.
| process.kill(pid, "SIGTERM"); | ||
| stopped += 1; | ||
| } catch {} | ||
| break; |
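Review bot: The empty `catch {}` around `process.kill(pid, "SIGTERM")` hides why the signal failed, so a stale PID (ESRCH) and a process the caller may not signal (EPERM) are indistinguishable and neither is reported. Check `err.code`, treat ESRCH as "try the next PID file", and surface EPERM to the user. Because the PID comes from a file, it may have been reused by an unrelated process by the time `stop` runs, so confirm it still belongs to the runtime before signalling. Move `break` inside the `try`, after `stopped += 1`, so it only fires when the signal was actually delivered.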
Unconditional break prevents fallback to legacy PID files
Medium Severity
The break statement in the stop command's PID file loop is unconditional — it sits outside the try/catch, so it always executes after the first existing PID file is found, even when process.kill() throws (e.g., stale PID). This prevents the loop from falling through to check the legacy PID file path, which is the entire reason the loop and pidFiles array exist.
| "package-lock.json", | ||
| "tsconfig.json", | ||
| ]) { | ||
| const source = resolve(process.cwd(), relativePath); |
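Review bot: `resolve(process.cwd(), relativePath)` on the last line makes the bundle's contents depend on the directory the command is invoked from, so whatever `package-lock.json` or `tsconfig.json` sits there is what gets deployed, whether or not it belongs to the CLI. Resolve these paths from the package's own location (for example via `import.meta.url`) and fail the deploy when a listed file is missing instead of producing a partial bundle.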
Deploy bundle copies from cwd instead of CLI source
Medium Severity
copyRuntimeBundle resolves CLI source directories (bin, src, serve, etc.) relative to process.cwd(), but process.cwd() is the user's working directory, not the CLI package's installation directory. The init command correctly uses import.meta.url to locate scaffold files, but deploy does not, so the bundle will silently miss CLI source files if the command is run from a directory other than the repo root.


Summary
acp serve commands for service-job provider runtimes: init, start, endpoints, deploy bundle, stop, logs
--settle-8183 reserved but disabled for x402/MPP until ERC-8183 service-job support exists

Notes
ACP_AGENT_TOKEN and outbound access to BE

Tests
npm run build
tsx bin/acp.ts serve endpoints --dir /tmp/acp-cli-smoke --json

Note
High Risk
Adds a new provider runtime that verifies and settles x402/MPP payments and signs on-chain transactions via a configured private key, which is security- and funds-critical. Also introduces new token-auth flows and deployment bundling that may affect how credentials and config are handled in production.

Overview
Adds a new acp serve feature set to scaffold, run, and (optionally) deploy a provider-side “service-job” runtime that connects outbound to the BE /service-jobs Socket.IO namespace.

The runtime loads a developer handler.ts (plus optional budget.ts), serves a /health endpoint, can run a native ACP listener for registry jobs, and for BE-mediated jobs builds payment challenges and verifies/settles x402 (EIP-3009 USDC) and MPP (tempo via mppx) credentials before invoking the handler; --settle-8183 is explicitly reserved but blocked for x402/MPP.

CLI/config/auth updates support the new flow: registers serve commands (init/start/endpoints/deploy/stop/logs), adds agent-token issuance via /auth/agent (message signing) and stores it in config/env, centralizes API URL selection via getApiUrl(), and adds new dependencies (@x402/*, mppx) plus viem/lockfile bumps.