Last 12 weeks ยท 2 commits
2 of 6 standards met
Summary Add 30s fetch timeout with AbortController to prevent hanging requests in serverless environments Include timestamp in signed webhook payload to prevent replay attacks Sanitize merchant name to ensure valid HTTP header tokens per RFC 7230 Remove unnecessary session fetch in webhook methods Update README with correct payload format and API examples Test plan All existing tests pass (37 tests) Type-checking passes with no errors Linting passes on all source files Build succeeds ๐ค Generated with Claude Code
Repository: vercel/acp-handler. Description: Integrate the Agentic Commerce Protocol (ACP) into your servers Stars: 22, Forks: 4. Primary language: TypeScript. Languages: TypeScript (90%), Bru (10%). License: MIT. Homepage: https://acp-handler-chat-sdk-example.vercel.app Topics: acp, agentic, commerce, express, hono, nextjs, protocol. Open PRs: 4, open issues: 2. Last activity: 2mo ago. Community health: 50%. Top contributors: blurrah.
This upgrade fixes CVE-2025-55182, a React Server Components RCE vulnerability.
Summary Fixed 8 critical bugs in payment processing, idempotency, and state management: Idempotency race condition: Prevent double-payment execution when concurrent requests fail TTL mismatch: Align idempotency cache (1h โ 24h) with session TTL to prevent late retries Type safety: Add proper response type for complete handler order data FSM violations: Prevent illegal state transitions in update handler Error handling: Consistent exception handling across all handlers and storage Data corruption: Gracefully handle malformed JSON in session storage Data integrity**: Remove duplicate timestamp overwrites in storage layer All tests pass (37/37). Ready for review. ๐ค Generated with Claude Code