okx-agent-payments-protocol

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

OKX Agent Payments Protocol (Dispatcher)

OKX Agent Payments Protocol（调度器）

Unified entry point for three payment paths, distinguished by HTTP signature: accepts
-based 402 (challenge in body for v1 or

PAYMENT-REQUIRED

header for v2), WWW-Authenticate: Payment
402 (channel-capable, with

intent="charge"

"session"

), and a2a-pay (paymentId-based agent-to-agent links, no 402 required). This file owns the shared steps — protocol detection, payload decode, user confirmation gate, wallet status check — then dispatches into the right scheme/intent reference.

User-facing terminology — IMPORTANT
Rule 1 — Always call it "OKX Agent Payments Protocol", and always render it bolded. Use the exact English term OKX Agent Payments Protocol in user-visible messages regardless of the user's language, and always wrap it in markdown bold (
**OKX Agent Payments Protocol**
) so the user sees it emphasized. Keep it as a fixed English noun phrase even inside otherwise-Chinese sentences. Reserve protocol literals and internal identifiers for CLI invocations, HTTP headers, JSON payloads, and code — never speak them to the user.
Rule 2 — Do not narrate internal protocol detection. The dispatch logic (which header was detected, which reference is being loaded, which scheme/intent was selected, TEE vs local-key path) is internal — keep it internal. The user only needs to see: (a) what is being paid, (b) what they need to confirm, (c) the result.
Rule 3 — Externally-defined protocol literals stay byte-for-byte exact. The JSON field
x402Version
, the HTTP headers
X-PAYMENT
/
PAYMENT-SIGNATURE
/
PAYMENT-REQUIRED
/
WWW-Authenticate: Payment
, and the reference URL
https://x402.org
MUST appear verbatim wherever the protocol/server requires them — these are externally defined and changing them breaks interop. CLI subcommand names (
onchainos payment pay
/
pay-local
/
charge
/
session ...
/
a2a-pay ...
) are this CLI's own surface and may evolve; refer to them by their current name in CLI invocations and code, but never speak them to the user (Rule 2).
Example
(中)
准备通过 **OKX Agent Payments Protocol** 完成本次支付，下面是扣款明细，请确认……
(EN)
Preparing a payment via the **OKX Agent Payments Protocol**. Here are the charge details — please confirm before I proceed…

Progress narration counts as user-visible — Rules 1-3 still apply.
Long-running flows (decode → confirm → wallet check → sign → header assembly → replay) tempt status updates. Every
"正在…"
/
"I'm now…"
line is user-facing. Step labels in this SKILL.md (
Step A3-Accepts
,
Step A3-WWW-Authenticate
) and reference files (
exact
/
aggr_deferred
schemes,
charge
/
session
intents) are internal — do NOT echo them in narration.
❌ Don't say ✅ Say
"正在处理
accepts
-based 流程" / "Processing the
accepts
-based path"
"正在通过 OKX Agent Payments Protocol 处理本次支付" / "Processing the payment via the OKX Agent Payments Protocol"
"CLI 自动选择
exact
方案" / "CLI selected the
exact
scheme" / "走
aggr_deferred
路径"
"签名完成" / "Signing done"
"组装
PAYMENT-SIGNATURE
/
X-PAYMENT
头" / "Assembling the
PAYMENT-SIGNATURE
header"
"正在重放请求" / "Replaying the request"
"检测到
WWW-Authenticate: Payment
/
PAYMENT-REQUIRED
协议" / "Detected the channel-based protocol"
(silent — go straight to the confirmation prompt)
"加载
references/exact.md
" / "Loading the
exact
playbook"
(silent — internal routing)
"进入
session
模式 /
charge
模式" / "Entering
session
intent"
"支付通道已开" / "Channel opened" — describe the user-visible effect, not the internal mode
"TEE 路径 / 本地 key 路径" / "Using TEE signing path" (silent — signing path is internal)

❌ Don't say	✅ Say
"正在处理 `accepts` -based 流程" / "Processing the `accepts` -based path"	"正在通过 OKX Agent Payments Protocol 处理本次支付" / "Processing the payment via the OKX Agent Payments Protocol"
"CLI 自动选择 `exact` 方案" / "CLI selected the `exact` scheme" / "走 `aggr_deferred` 路径"	"签名完成" / "Signing done"
"组装 `PAYMENT-SIGNATURE` / `X-PAYMENT` 头" / "Assembling the `PAYMENT-SIGNATURE` header"	"正在重放请求" / "Replaying the request"
"检测到 `WWW-Authenticate: Payment` / `PAYMENT-REQUIRED` 协议" / "Detected the channel-based protocol"	(silent — go straight to the confirmation prompt)
"加载 `references/exact.md` " / "Loading the `exact` playbook"	(silent — internal routing)
"进入 `session` 模式 / `charge` 模式" / "Entering `session` intent"	"支付通道已开" / "Channel opened" — describe the user-visible effect, not the internal mode
"TEE 路径 / 本地 key 路径" / "Using TEE signing path"	(silent — signing path is internal)

Read
../okx-agentic-wallet/_shared/preflight.md
before any
onchainos
command. EVM only — CAIP-2
eip155:<chainId>
(run
onchainos wallet chains
for the list).

统一入口支持三种支付路径，通过HTTP签名区分：基于
accepts
的402（v1版本挑战内容在请求体，v2版本在

PAYMENT-REQUIRED

头）、WWW-Authenticate: Payment
402（支持通道，包含

intent="charge"

或

"session"

）以及a2a-pay（基于paymentId的代理间链接，无需402）。本文档负责共享步骤——协议检测、负载解码、用户确认校验、钱包状态检查——随后调度至对应方案/意图的参考文档。

用户可见术语说明——重要
规则1——始终称其为“OKX Agent Payments Protocol”，并始终以加粗格式显示。 不管用户使用何种语言，在用户可见的消息中都要使用确切的英文术语OKX Agent Payments Protocol，并始终用markdown加粗格式（
**OKX Agent Payments Protocol**
）包裹，让用户看到其被强调。即使在中文句子中，也要将其作为固定的英文名词短语保留。仅在CLI调用、HTTP头、JSON负载和代码中使用协议字面量和内部标识符——切勿向用户提及这些内容。
规则2——请勿描述内部协议检测逻辑。 调度逻辑（检测到哪个头、加载哪个参考文档、选择哪个方案/意图、TEE与本地密钥路径的选择）属于内部实现——请保持其私密性。用户仅需了解：(a) 支付对象是什么，(b) 需要确认的内容，(c) 支付结果。
规则3——外部定义的协议字面量需严格保持字节级一致。 JSON字段
x402Version
、HTTP头
X-PAYMENT
/
PAYMENT-SIGNATURE
/
PAYMENT-REQUIRED
/
WWW-Authenticate: Payment
以及参考URL
https://x402.org
在任何协议/服务器要求的场景中都必须原样呈现——这些是外部定义的内容，修改会破坏互操作性。CLI子命令名称（
onchainos payment pay
/
pay-local
/
charge
/
session ...
/
a2a-pay ...
）属于本CLI的对外接口，可能会演进；在CLI调用和代码中请使用其当前名称，但切勿向用户提及（遵循规则2）。
示例
(中)
准备通过 **OKX Agent Payments Protocol** 完成本次支付，下面是扣款明细，请确认……
(EN)
Preparing a payment via the **OKX Agent Payments Protocol**. Here are the charge details — please confirm before I proceed…

进度提示属于用户可见内容——仍需遵循规则1-3。
长流程（解码→确认→钱包检查→签名→头组装→重放）容易产生状态更新需求。每一条
"正在…"
/
"I'm now…"
的提示都是用户可见的。本SKILL.md中的步骤标签（
Step A3-Accepts
、
Step A3-WWW-Authenticate
）以及参考文档中的标签（
exact
/
aggr_deferred
方案、
charge
/
session
意图）均为内部标识——请勿在提示中回显这些内容。
❌ 禁止表述 ✅ 正确表述
"正在处理
accepts
-based 流程" / "Processing the
accepts
-based path"
"正在通过 OKX Agent Payments Protocol 处理本次支付" / "Processing the payment via the OKX Agent Payments Protocol"
"CLI 自动选择
exact
方案" / "CLI selected the
exact
scheme" / "走
aggr_deferred
路径"
"签名完成" / "Signing done"
"组装
PAYMENT-SIGNATURE
/
X-PAYMENT
头" / "Assembling the
PAYMENT-SIGNATURE
header"
"正在重放请求" / "Replaying the request"
"检测到
WWW-Authenticate: Payment
/
PAYMENT-REQUIRED
协议" / "Detected the channel-based protocol"
(静默处理——直接跳转至确认提示)
"加载
references/exact.md
" / "Loading the
exact
playbook"
(静默处理——内部路由)
"进入
session
模式 /
charge
模式" / "Entering
session
intent"
"支付通道已开" / "Channel opened" — 描述用户可见的结果，而非内部模式
"TEE 路径 / 本地 key 路径" / "Using TEE signing path" (静默处理——签名路径为内部实现)

❌ 禁止表述	✅ 正确表述
"正在处理 `accepts` -based 流程" / "Processing the `accepts` -based path"	"正在通过 OKX Agent Payments Protocol 处理本次支付" / "Processing the payment via the OKX Agent Payments Protocol"
"CLI 自动选择 `exact` 方案" / "CLI selected the `exact` scheme" / "走 `aggr_deferred` 路径"	"签名完成" / "Signing done"
"组装 `PAYMENT-SIGNATURE` / `X-PAYMENT` 头" / "Assembling the `PAYMENT-SIGNATURE` header"	"正在重放请求" / "Replaying the request"
"检测到 `WWW-Authenticate: Payment` / `PAYMENT-REQUIRED` 协议" / "Detected the channel-based protocol"	(静默处理——直接跳转至确认提示)
"加载 `references/exact.md` " / "Loading the `exact` playbook"	(静默处理——内部路由)
"进入 `session` 模式 / `charge` 模式" / "Entering `session` intent"	"支付通道已开" / "Channel opened" — 描述用户可见的结果，而非内部模式
"TEE 路径 / 本地 key 路径" / "Using TEE signing path"	(静默处理——签名路径为内部实现)

执行任何
onchainos
命令前，请先阅读
../okx-agentic-wallet/_shared/preflight.md
。仅支持EVM——CAIP-2
eip155:<chainId>
（运行
onchainos wallet chains
查看支持列表）。

Reference map

参考文档映射

Triggered by	Load
402 with `PAYMENT-REQUIRED` header (v2) or `x402Version` body field (v1), CLI returns no `sessionCert`	`references/exact.md`
402 with `PAYMENT-REQUIRED` header (v2) or `x402Version` body field (v1), CLI returns `sessionCert`	`references/aggr_deferred.md`
402 with `WWW-Authenticate: Payment` , `intent="charge"`	`references/charge.md`
402 with `WWW-Authenticate: Payment` , `intent="session"` (also: any mid-session op on a `channel_id` )	`references/session.md`
User mentions a paymentId / `a2a_...` link / "create payment link"	`references/a2a_charge.md`

触发条件	加载文档
带有 `PAYMENT-REQUIRED` 头（v2）或 `x402Version` 请求体字段（v1）的402响应，CLI未返回 `sessionCert`	`references/exact.md`
带有 `PAYMENT-REQUIRED` 头（v2）或 `x402Version` 请求体字段（v1）的402响应，CLI返回 `sessionCert`	`references/aggr_deferred.md`
带有 `WWW-Authenticate: Payment` 且 `intent="charge"` 的402响应	`references/charge.md`
带有 `WWW-Authenticate: Payment` 且 `intent="session"` 的402响应（也包括：对 `channel_id` 的任何会话中操作）	`references/session.md`
用户提及paymentId / `a2a_...` 链接 / "create payment link"	`references/a2a_charge.md`

Skill Routing

技能路由

Intent	Use skill
Token prices / charts / wallet PnL / tracker activities	`okx-dex-market`
Token search / metadata / holders / cluster analysis	`okx-dex-token`
Smart money / whale / KOL signals	`okx-dex-signal`
Meme / pump.fun token scanning	`okx-dex-trenches`
Token swaps / trades / buy / sell	`okx-dex-swap`
Authenticated wallet (balance / send / tx history)	`okx-agentic-wallet`
Public address holdings	`okx-wallet-portfolio`
Tx broadcasting ( `feePayer=false` hash mode)	`okx-onchain-gateway`
Security scanning (token / DApp / tx / signature)	`okx-security`

Channel mid-session ops (close / topup / settle / voucher / refund mentioned with an active

channel_id

, regardless of fresh 402) → stay here, jump straight into

references/session.md

at the matching phase. Do NOT search for a separate

close-channel

topup-channel

settle-channel

tool — they're all

onchainos payment session ...

subcommands.

意图	使用技能
代币价格/图表/钱包盈亏/追踪活动	`okx-dex-market`
代币搜索/元数据/持有者/集群分析	`okx-dex-token`
聪明资金/鲸鱼/KOL信号	`okx-dex-signal`
Meme/pump.fun代币扫描	`okx-dex-trenches`
代币兑换/交易/买入/卖出	`okx-dex-swap`
已认证钱包（余额/转账/交易历史）	`okx-agentic-wallet`
公地址资产持有	`okx-wallet-portfolio`
交易广播（ `feePayer=false` 哈希模式）	`okx-onchain-gateway`
安全扫描（代币/DApp/交易/签名）	`okx-security`

通道会话中操作（在活跃

channel_id

上下文附近提及close/topup/settle/voucher/refund，无论是否有新的402响应）→ 保留在本技能中，直接跳转至

references/session.md

对应阶段。请勿搜索单独的

close-channel

topup-channel

settle-channel

工具——这些均为

onchainos payment session ...

子命令的功能。

Path A: HTTP 402

路径A：HTTP 402

Step A1: Send the original request

步骤A1：发送原始请求

Make the HTTP request the user asked for. If status is not 402, return the body directly — no payment, no wallet check, no other tool calls.

执行用户要求的HTTP请求。如果响应状态不是402，直接返回响应体——无需支付、无需检查钱包、无需调用其他工具。

Step A2: Detect the protocol

步骤A2：检测协议

Priority 1: response.headers['WWW-Authenticate']
  starts with "Payment "        → continue at Step A3-WWW-Authenticate
Priority 2: response.headers['PAYMENT-REQUIRED']
  base64-encoded JSON           → continue at Step A3-Accepts (v2)
Priority 3: response body JSON has "x402Version"
                                → continue at Step A3-Accepts (v1)
Otherwise                       → not a supported payment protocol, stop

Both
WWW-Authenticate: Payment
and
PAYMENT-REQUIRED
/
x402Version
indicators present — STOP and ask the user:

The server offers two payment options via the OKX Agent Payments Protocol:

One-shot purchase, or streaming session (multi-request) (recommended)

One-shot purchase

Which would you like to use?

Internal mapping: option 1 →

WWW-Authenticate: Payment

path, option 2 →

PAYMENT-REQUIRED

x402Version

path.

优先级1: response.headers['WWW-Authenticate']
  以"Payment "开头        → 继续执行步骤A3-WWW-Authenticate
优先级2: response.headers['PAYMENT-REQUIRED']
  为base64编码的JSON           → 继续执行步骤A3-Accepts（v2版本）
优先级3: 响应体JSON包含"x402Version"字段                                → 继续执行步骤A3-Accepts（v1版本）
其他情况                       → 不支持该支付协议，终止流程

同时存在
WWW-Authenticate: Payment
和
PAYMENT-REQUIRED
/
x402Version
标识——终止流程并询问用户：

服务器通过 OKX Agent Payments Protocol 提供两种支付选项：

一次性购买或流式会话（多请求）（推荐）

一次性购买

您希望使用哪种方式？

内部映射：选项1 →

WWW-Authenticate: Payment

路径，选项2 →

PAYMENT-REQUIRED

x402Version

路径。

Step A3-Accepts: Decode

步骤A3-Accepts：解码

v2 — payload is in the

PAYMENT-REQUIRED

response header (base64-encoded JSON):

headerValue = response.headers['PAYMENT-REQUIRED']
decoded     = JSON.parse(atob(headerValue))

v1 — payload is in the response body (direct JSON, not base64):

decoded = JSON.parse(response.body)

Extract:

accepts = decoded.accepts          // pass full array to the CLI later
option  = decoded.accepts[0]       // for display only

Save

decoded

for header assembly later — you will need

decoded.x402Version

and

decoded.resource

(v2).

v2版本——负载位于

PAYMENT-REQUIRED

响应头中（base64编码的JSON）：

headerValue = response.headers['PAYMENT-REQUIRED']
decoded     = JSON.parse(atob(headerValue))

v1版本——负载位于响应体中（直接JSON格式，非base64编码）：

decoded = JSON.parse(response.body)

提取字段：

accepts = decoded.accepts          // 后续需将完整数组传入CLI
option  = decoded.accepts[0]       // 仅用于展示

保存

decoded

用于后续头组装——需要使用

decoded.x402Version

和

decoded.resource

（v2版本）。

Step A3-WWW-Authenticate: Decode

步骤A3-WWW-Authenticate：解码

Parse the WWW-Authenticate header:

Payment id="...", realm="...", method="evm", intent="...", request="<base64url>", expires="..."

base64url-decode

request

to get the JSON body. Save:

intent              charge | session
amount              base units string (e.g. "1000000")
currency            ERC-20 contract address
recipient           merchant payee address
methodDetails:
  chainId           EVM chain ID (e.g. 196 for X Layer)
  escrowContract    REQUIRED for session, ABSENT for charge
  feePayer          true (transaction mode) | false (hash mode)
  splits            optional, charge only, max 10 entries
  minVoucherDelta   optional, session only
  channelId         optional, session topUp/voucher only — pre-existing channel
suggestedDeposit    optional, session only — suggested initial deposit
unitType            optional — "request" | "second" | "byte" etc.

Method check — only

method="evm"

is supported here. If

method

"tempo"

"svm"

"stripe"

, etc. → stop and tell the user this dispatcher cannot handle it.

Challenge expiry — if

expires=...

(ISO-8601) is in the past, the challenge is dead: re-send the original request to get a fresh 402 before signing. Stale challenges fail with

30001 incorrect params

Convert

amount

from base units to human-readable using the token's decimals (typically 6 for USDC/USD₮, 18 for native).

解析WWW-Authenticate头：

Payment id="...", realm="...", method="evm", intent="...", request="<base64url>", expires="..."

对

request

进行base64url解码得到JSON体。保存以下字段：

intent              charge | session
amount              基础单位字符串（例如"1000000"）
currency            ERC-20合约地址
recipient           商家收款地址
methodDetails:
  chainId           EVM链ID（例如X Layer为196）
  escrowContract    session模式必填，charge模式无此字段
  feePayer          true（交易模式）| false（哈希模式）
  splits            可选字段，仅charge模式支持，最多10条记录
  minVoucherDelta   可选字段，仅session模式支持
  channelId         可选字段，仅session模式的topUp/voucher操作支持——预存在的通道
suggestedDeposit    可选字段，仅session模式支持——建议初始存款金额
unitType            可选字段——"request" | "second" | "byte"等

方法校验——仅支持

method="evm"

。如果

method

为

"tempo"

、

"svm"

、

"stripe"

等→终止流程并告知用户本调度器不支持该方式。

挑战过期检查——如果

expires=...

（ISO-8601格式）已过期，则挑战无效：重新发送原始请求获取新的402响应后再进行签名。过期挑战会返回

30001 incorrect params

错误。

使用代币的小数位数将

amount

从基础单位转换为人类可读格式（通常USDC/USD₮为6位，原生代币为18位）。

Step A4: Display payment details and STOP

步骤A4：展示支付明细并终止流程等待确认

⚠️ MANDATORY: Display details and STOP to wait for explicit user confirmation. Do NOT call
onchainos wallet status
or any other tool until the user confirms.

For accepts
-based 402 (

PAYMENT-REQUIRED

header v2 /

x402Version

body v1):

This resource requires payment via the OKX Agent Payments Protocol:
Network:
<chain name>
(
<option.network>
)
Token:
<token symbol>
(
<option.asset>
)
Amount:
<human-readable amount>
(from
option.amount
for v2, or
option.maxAmountRequired
for v1; convert from minimal units using token decimals)
Pay to:
<option.payTo>
Proceed with payment? (yes / no)

For WWW-Authenticate: Payment
402:

This resource requires payment via the OKX Agent Payments Protocol:
Payment type:
<one-shot purchase (charge) | streaming session (multi-request)>
Network:
<chain name>
(
eip155:<chainId>
)
Token:
<symbol>
(
<currency address>
)
Amount per request:
<human-readable>
(atomic:
<amount>
)
Pay to:
<recipient>
Who pays gas:
<server (transaction mode) | you broadcast it yourself (hash mode)>
Split recipients (one-shot only, if present):
<N other parties also receive a share>
Suggested prepaid balance (session only, if present):
<human-readable>
Proceed with payment? (yes / no)

User confirms → Step A5.
User declines → stop. No payment, no wallet check.

⚠️ 强制要求：展示明细后终止流程，等待用户明确确认。在用户确认前，请勿调用
onchainos wallet status
或任何其他工具。

对于基于
accepts
的402（

PAYMENT-REQUIRED

头v2版本 /

x402Version

请求体v1版本）：

该资源需通过 OKX Agent Payments Protocol 完成支付：
网络:
<链名称>
(
<option.network>
)
代币:
<代币符号>
(
<option.asset>
)
金额:
<人类可读金额>
（v2版本来自
option.amount
，v1版本来自
option.maxAmountRequired
；使用代币小数位数从最小单位转换）
收款方:
<option.payTo>
是否继续支付？（是/否）

对于**

WWW-Authenticate: Payment

402**：

该资源需通过 OKX Agent Payments Protocol 完成支付：
支付类型:
<一次性购买（charge）| 流式会话（多请求）>
网络:
<链名称>
(
eip155:<chainId>
)
代币:
<代币符号>
(
<currency地址>
)
每次请求金额:
<人类可读金额>
（原子单位：
<amount>
）
收款方:
<recipient>
Gas支付方:
<服务器（交易模式）| 自行广播（哈希模式）>
拆分收款方（仅一次性购买模式，若存在）:
<N个其他参与方将获得份额>
建议预存余额（仅会话模式，若存在）:
<人类可读金额>
是否继续支付？（是/否）

用户确认 → 执行步骤A5。
用户拒绝 → 终止流程。无需支付、无需检查钱包。

Step A5: Check wallet status (only after the user explicitly confirms)

步骤A5：检查钱包状态（仅在用户明确确认后执行）

bash

onchainos wallet status

Logged in → Step A6.
Not logged in (
accepts
-based path) → ask the user to choose between (1) wallet login (TEE signing) or (2) local private key (
```
onchainos payment pay-local
```
,
```
exact
```
scheme only). Don't read files or check env vars until the user picks.
Not logged in (
WWW-Authenticate: Payment
path) → ask the user to log in via email OTP or AK. TEE-only — no local-key fallback for this path (only the
```
accepts
```
-based path has one).

bash

onchainos wallet status

已登录 → 执行步骤A6。
未登录（基于
accepts
的路径） → 询问用户选择（1）钱包登录（TEE签名）或（2）本地私钥（
```
onchainos payment pay-local
```
，仅支持
```
exact
```
方案）。在用户选择前，请勿读取文件或检查环境变量。
未登录（
WWW-Authenticate: Payment
路径） → 询问用户通过邮箱OTP或AK登录。仅支持TEE——该路径无本地密钥降级方案（仅基于
```
accepts
```
的路径支持）。

Step A6: Hand off to the scheme/intent reference

步骤A6：移交至对应方案/意图参考文档

Path	Action
`accepts` -based ( `PAYMENT-REQUIRED` header v2 / `x402Version` body v1)	Run `onchainos payment pay --accepts '<JSON.stringify(decoded.accepts)>'` . When the response comes back, look at whether `sessionCert` is present:<br>• `sessionCert` present → load `references/aggr_deferred.md` for header assembly + replay<br>• `sessionCert` absent → load `references/exact.md` for header assembly + replay<br>If the user picked the local-key fallback, run `onchainos payment pay-local` instead and load `references/exact.md` (only scheme this fallback supports).
`WWW-Authenticate: Payment` , `intent="charge"`	Load `references/charge.md` at "Decide mode".
`WWW-Authenticate: Payment` , `intent="session"`	Load `references/session.md` at "Phase S1: Open Channel" (or jump to S2 / S2b / S3 if the user is mid-session with an active `channel_id` ).

After the reference returns the assembled

X-PAYMENT

PAYMENT-SIGNATURE

header or

authorization_header

, replay the original request and surface the response to the user. Suggest follow-ups conversationally — never expose internal field names or skill IDs.

路径	操作
基于 `accepts` 的路径（ `PAYMENT-REQUIRED` 头v2版本 / `x402Version` 请求体v1版本）	执行 `onchainos payment pay --accepts '<JSON.stringify(decoded.accepts)>'` 。收到响应后，检查是否存在 `sessionCert` ：<br>• 存在 `sessionCert` → 加载 `references/aggr_deferred.md` 进行头组装+请求重放<br>• 不存在 `sessionCert` → 加载 `references/exact.md` 进行头组装+请求重放<br>如果用户选择本地密钥降级方案，执行 `onchainos payment pay-local` 并加载 `references/exact.md` （该降级方案仅支持此方案）。
`WWW-Authenticate: Payment` 且 `intent="charge"`	加载 `references/charge.md` 的“Decide mode”阶段。
`WWW-Authenticate: Payment` 且 `intent="session"`	加载 `references/session.md` 的“Phase S1: Open Channel”阶段（如果用户处于活跃 `channel_id` 的会话中，则直接跳转至S2/S2b/S3阶段）。

参考文档返回组装好的

X-PAYMENT

PAYMENT-SIGNATURE

头或

authorization_header

后，重放原始请求并将响应展示给用户。以对话方式建议后续操作——切勿暴露内部字段名或技能ID。

Path B: a2a-pay (paymentId-based, no 402)

路径B：a2a-pay（基于paymentId，无需402）

The user invokes this path explicitly — by mentioning a

paymentId

a2a_...

link, asking to "create a payment link", or asking to check a2a payment status.

用户通过明确调用触发该路径——提及

paymentId

a2a_...

链接、要求“创建付款链接”或查询a2a支付状态。

Step B1: Identify the role

步骤B1：识别角色

User says…	Load	Role
"create payment link" / "generate payment" / `--amount` / `--recipient`	`references/a2a_charge.md` → "Seller — Create"	Seller
Provides a `paymentId` / `a2a_...` to pay	`references/a2a_charge.md` → "Buyer — Pay"	Buyer
Provides a `paymentId` and asks for status	`references/a2a_charge.md` → "Status — Query"	Either

If the user says only "I want to pay" without a paymentId — STOP and ask the user to provide the seller-issued paymentId. Do not attempt anything else.

用户表述…	加载文档	角色
"create payment link" / "generate payment" / `--amount` / `--recipient`	`references/a2a_charge.md` → "Seller — Create"	卖家
提供 `paymentId` / `a2a_...` 链接要求支付	`references/a2a_charge.md` → "Buyer — Pay"	买家
提供 `paymentId` 并要求查询状态	`references/a2a_charge.md` → "Status — Query"	任意角色

如果用户仅表述“我要支付”但未提供paymentId——终止流程并要求用户提供卖家生成的paymentId。请勿执行其他操作。

Step B2: Wallet status

步骤B2：钱包状态

Both

create

and

pay

require a live wallet session. Run

onchainos wallet status

Logged in → proceed (load the reference and follow it).
Not logged in → ask the user to log in via
```
onchainos wallet login
```
or
```
onchainos wallet login <email>
```
. Do NOT sign without a live session.

创建和支付操作均需要活跃的钱包会话。执行

onchainos wallet status

：

已登录 → 继续流程（加载参考文档并执行）。
未登录 → 要求用户通过
```
onchainos wallet login
```
或
```
onchainos wallet login <email>
```
登录。无活跃会话时请勿执行签名操作。

Step B3: Hand off to

references/a2a_charge.md

步骤B3：移交至

references/a2a_charge.md

The reference contains the full create/pay/status flow including the auto-poll-to-terminal logic and trust-delegation note. Buyer-side trust is delegated to the upstream caller — the buyer signs whatever the on-server challenge declares. Cross-checking the paymentId against the agreed terms is the upstream's responsibility, NOT this dispatcher's.

该参考文档包含完整的创建/支付/状态查询流程，包括自动轮询至终端的逻辑和信任委托说明。买家侧的信任委托给上游调用方——买家签署服务器挑战声明的任何内容。核对paymentId与约定条款的责任属于上游调用方，而非本调度器。

Cross-cutting

通用规则

Reading seller errors (

WWW-Authenticate: Payment

/ a2a-pay)

解析卖家错误（

WWW-Authenticate: Payment

/ a2a-pay）

When the seller rejects, do NOT show raw JSON or just the numeric code. Extract the human-readable explanation in priority order, use the first non-empty match:

```
body.reason
```
(mppx, OKX TS Session)
```
body.detail
```
(RFC 9457 ProblemDetails)
```
body.message
```
```
body.msg
```
(OKX SA API)
```
body.error
```
```
body.title
```
(RFC 9457 short title — fallback only)
fallthrough — format the whole body and add the HTTP status

Format:

❌ Seller rejected:
<reason text>
(code
<code if present>
, HTTP
<status>
)

当卖家拒绝请求时，请勿展示原始JSON或仅显示数字错误码。按优先级提取人类可读的解释，使用第一个非空匹配项：

```
body.reason
```
（mppx, OKX TS Session）
```
body.detail
```
（RFC 9457 ProblemDetails）
```
body.message
```
```
body.msg
```
（OKX SA API）
```
body.error
```
```
body.title
```
（RFC 9457短标题——仅作为 fallback）
兜底方案——格式化整个响应体并添加HTTP状态码

格式示例：

❌ 卖家拒绝请求：
<原因文本>
（错误码
<若存在则显示>
, HTTP状态
<status>
）

Amount display

金额展示

All user-facing amounts in BOTH human and atomic form:

<human> (<atomic>)

, e.g.

0.0004 USDC (400)

1.5 ETH (1500000000000000000)

. Compute via

amount / 10^decimals

from the challenge

currency

token.

Token	Decimals	1 unit in minimal	Example
USDC	6	`1000000`	`1000000` → 1.00 USDC
USDT	6	`1000000`	`2500000` → 2.50 USDT
USDG	6	`1000000`	`500000` → 0.50 USDG
ETH	18	`1000000000000000000`	`10000000000000000` → 0.01 ETH

For any symbol not in the table: never assume — query

okx-dex-token

for the token's decimals first. If you cannot resolve them, render

<minimal> <symbol>

and append

unknown decimals — please double-check the seller-provided amount

. Do not block the flow.

所有用户可见的金额需同时显示人类可读格式和原子格式：

<人类可读> (<原子单位>)

，例如

0.0004 USDC (400)

、

1.5 ETH (1500000000000000000)

。通过挑战中

currency

代币的

amount / 10^decimals

计算得出。

代币	小数位数	1单位对应的最小单位	示例
USDC	6	`1000000`	`1000000` → 1.00 USDC
USDT	6	`1000000`	`2500000` → 2.50 USDT
USDG	6	`1000000`	`500000` → 0.50 USDG
ETH	18	`1000000000000000000`	`10000000000000000` → 0.01 ETH

对于未在表格中的代币：切勿假设小数位数——先调用

okx-dex-token

查询代币的小数位数。如果无法解析，显示

<最小单位> <代币符号>

并附加

未知小数位数——请仔细核对卖家提供的金额

。无需阻塞流程。

Suggest next steps

建议后续操作

After a successful payment + response, suggest conversationally:

Just completed	Suggest
Successful HTTP 402 replay	Check balance impact via `okx-agentic-wallet` ; or make another request to the same resource
Successful a2a payment	Verify post-payment balance via `okx-agentic-wallet`
402 on replay (expired)	Retry with a fresh signature
Channel session in progress	Issue another voucher when the next request arrives; close the channel when done

支付成功并返回响应后，以对话方式建议后续操作：

刚完成的操作	建议内容
HTTP 402请求重放成功	通过 `okx-agentic-wallet` 检查余额变化；或向同一资源发起另一个请求
a2a支付成功	通过 `okx-agentic-wallet` 验证支付后余额
重放时返回402（签名过期）	使用新签名重试请求
通道会话进行中	下次请求到达时生成新凭证；完成后关闭通道