1. Hook boundary
Place x402 in an optional middleware hook with explicit lifecycle points: quote, pre-authorization, verify, settle, receipt, and audit append.
OpenZeppelin Guardian #252 · agentic x402 facilitator module
Threat-model first: make Guardian’s x402 module opt-in, auditable, and policy-gated.
This packet is tailored to OpenZeppelin/guardian#252 and its parent modularization issue. It turns the draft “Guardian as an x402 payment facilitator” idea into a reviewable module boundary before live credentials, private account state, or settlement authority enter the design.
2. Policy gate
Require spending caps, resource allow-lists, expiry, replay protection, chain/token allow-lists, and user-visible approvals before any facilitator path can settle.
3. Receipt contract
Bind each x402 result to Guardian account id, delta/proposal id, resource URL, payment hash, facilitator response, and canonical audit timestamp.
Why this is the safe first paid slice
Guardian already has sensitive private-account state, delta/canonicalization concepts, auth, acknowledger, network, and storage components. An agentic payment module should not be a generic “call facilitator from server” feature; it needs a narrow boundary that preserves Guardian’s existing invariants.
This readback deliberately avoids live keys, private account material, payments, or facilitator credentials. The first implementation should be mocked, fail-closed, and feature-gated until maintainers decide what authority Guardian may hold on behalf of users.
Readiness checklist
- Module registration: config flag, capability metadata, and independently disabled default path.
- Request contract: deterministic resource id, max amount, chain id, token, expiry, nonce, user/account binding, and delta/proposal binding.
- Verifier seam: no network spend in unit tests; mocked 402 challenge, verify failure, settle failure, receipt success, and replay attempt fixtures.
- Policy controls: per-account caps, per-resource allow-list, supported-network list, approval timeout, and operator/admin audit logs.
- Failure modes: malformed payment header, stale quote, facilitator timeout, over-budget quote, unsupported network, duplicate settle, and post-signing rejection.
- Docs split: threat model, configuration, local mock flow, and a “not custody / not private-key delegation” operator warning.
Suggested PR split
- PR 1 — spec/docs: module threat model and hook lifecycle for x402, with acceptance criteria and no runtime changes.
- PR 2 — interfaces: typed Rust traits / TS client models for quote, verify, settle, and receipt records.
- PR 3 — mocked module: fail-closed x402 middleware behind a feature/config flag with fixture tests only.
- PR 4 — optional integration: maintainer-approved facilitator adapter and e2e test path using non-production credentials.
Relevant proof
x402 HTML paywall header fix
Cross-language payment-required header behavior with targeted TypeScript/Python tests. Malformed payment signature handling
Fail-closed 400 behavior for undecodable payment-signature headers. MetaMask x402 package hardening
Dependency reduction and address-validation tests for @metamask/x402. ChainSafe OCR x402 packet
Existing x402 SDK/module acceptance-matrix format for payment integration planning.
Cross-language payment-required header behavior with targeted TypeScript/Python tests. Malformed payment signature handling
Fail-closed 400 behavior for undecodable payment-signature headers. MetaMask x402 package hardening
Dependency reduction and address-validation tests for @metamask/x402. ChainSafe OCR x402 packet
Existing x402 SDK/module acceptance-matrix format for payment integration planning.