feat: add @hugen/plugin-x402-solana — Solana x402 payment support

[bartonguestier1725-collab]

Adds Solana network support to x402 payments for ElizaOS agents.

The existing plugin-x402 covers EVM chains. This plugin handles the Solana side — agents can pay for x402-protected APIs using Solana USDC (SPL token on mainnet).

Built on @x402/svm and @x402/fetch from the Coinbase x402 SDK.

What it does

• Wraps fetch() to handle 402 → Solana USDC payment → retry
• SSRF protection (IPv4, IPv6, IPv4-mapped IPv6, domain allowlist)
• Configurable payment limits and request timeouts
• Supports hex, base58, and JSON array key formats

Testing

• 38 unit tests (npm test)
• E2E verified against a live x402 API with real Solana USDC payment
• Tested on Node.js 24 (requires ≥20 per @solana/kit)

Links

• npm: @hugen/plugin-x402-solana
• GitHub: https://github.com/bartonguestier1725-collab/eliza-plugin-x402-solana

---

Registry Update Checklist

Registry:

• I've made the left side of the colon of JSON entry in index.json match the potential NPM package name
• I've used github not github.com
• There is no .git extension
• It's placed it alphabetically in the list
• I've dealt with commas properly so the list is still valid JSON

If not an eliza-plugins official repo, i.e. new plugin:

The plugin repo has:

• is publically accessible (not a private repo)
• uses main as it's default branch
• I have include elizaos-plugins in the topics in the GitHub repo settings. If the plugin is related to AI or crypto, please add those as topics as well.
• add simple description in github repo
• follows this convention

plugin-name/
├── images/
│   ├── logo.jpg
│   ├── banner.jpg
├── src/
│   ├── index.ts
│   ├── actions/
│   ├── providers/
│   └── state.ts
├── package.json
└── README.md

• an images/banner.jpg and images/logo.jpg and they
  • Use clear, high-resolution images
  • Keep file sizes optimized (< 500KB for logos, < 1MB for banners)
  • Include alt text for accessibility
• package.json has a agentConfig like the following

{
  "name": "@hugen/plugin-x402-solana",
  "version": "0.1.0",
  "agentConfig": {
    "pluginType": "elizaos:plugin:1.0.0",
    "pluginParameters": {
      "SOLANA_PRIVATE_KEY": {
        "type": "string",
        "description": "Solana wallet private key (base58, hex, or JSON array format)"
      }
    }
  }
}

[coderabbitai]

Walkthrough

Added a single entry to index.json mapping the package name @hugen/plugin-x402-solana to its GitHub repository location. This is a straightforward configuration addition with no functional changes or impact on control flow.

Changes

Cohort / File(s)	Summary
Package Index Entry index.json	Added mapping for @hugen/plugin-x402-solana package to GitHub repository github:bartonguestier1725-collab/eliza-plugin-x402-solana.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A new plugin joins the fold,
One entry added, clean and bold,
The index grows, the path is clear,
Solana magic, welcome here! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a new Solana x402 payment plugin to the registry with concise, meaningful phrasing.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description includes all required checklist items explicitly checked off and provides comprehensive context about the plugin's functionality, testing, and compliance with repository standards.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Unit tests flagged in PR description — E2E verification preferred

The PR description highlights "38 unit tests" as its primary testing evidence. The project's contribution guidelines emphasize runtime E2E testing over mocked unit tests. The PR does mention E2E verification against a live x402 API, but it is framed as secondary. For registry acceptance, maintainers should confirm the plugin has been validated with real dynamic loading inside an ElizaOS runtime, not just standalone unit-test runs.

This does not block the index.json entry itself, but it is worth verifying before merging.

Context Used: Rule from dashboard - Runtime E2E testing only; no mocks or unit tests (source)

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[bartonguestier1725-collab]

Thanks for the review.

To clarify the testing situation:

Unit tests (38): These cover security-critical paths — SSRF protection (IPv4, IPv6, IPv4-mapped IPv6 hex normalization), USDC-only payment policy, domain allowlist validation, redirect blocking, and input sanitization. They run without network access.

E2E verification: I tested against a live x402 API server with a real Solana USDC payment on mainnet. The plugin successfully completed the full 402 → sign USDC transfer → retry → receive data flow. This was done as a standalone script using the compiled plugin, not inside a full ElizaOS runtime with dynamic loading.

What I haven't done yet: Full integration test inside an ElizaOS runtime with the plugin loaded via the character config. I'm happy to set that up and report back if it would help the review.