Payments

Payment lifecycle

Verified, paid, audited. Or 401 / 402 / refused. The gateway never proxies a paid call without a verified identity and a verified payment proof bound to the exact request.

The four states

401 Unauthorized — unknown agent

Identity evidence missing or invalid. No wallet signature, expired VC, untrusted issuer, or missing principal mapping. The gateway returns a bounded reason. Nothing reaches the upstream.

402 Payment Required — verified, unpaid

Identity is good and policy allows the call, but the call is paid. The gateway emits a payment challenge bound to this exact request. Replay against another request is rejected.

HTTP/1.1 402 Payment Required
Content-Type: application/json

{
  "type": "payment_required",
  "protocol": "x402",
  "requestSha256": "<sha256>",
  "challengeId": "chl_<placeholder>"
}

Verify proof — verify-first / settle-once

The agent retries with payment proof. The gateway runs verification before settlement. Settlement happens at most once per challenge. On any error the gateway never automatically retries settle — retry is an explicit operator action with idempotency.

  • EIP-3009 authorization payloads shipped
  • Verify-first / settle-once / never-retry invariant shipped
  • Triple-gate production opt-in shipped

200 OK — verified, paid, audited

The upstream provider sees a clean request. Response carries an X-AgentTrust-Receipt-Id header pointing at the canonical receipt. Audit chain receives a signed event.

x402 compatibility

  • x402 facilitator (sandbox + public testnet) shipped
  • public_x402 wire compatibility operator-gated
  • per-provider sandbox-proof audit chain shipped

public_x402 wire shape is implemented and accepted by the public facilitator at the structural layer. A live funded settle on public testnet still requires a funded testnet wallet and USDC — that is the operator-gated lane.

Receipts

Every successful paid call produces a signed receipt. See Receipts & proof for the receipt schema, signing, and offline verification.

Boundaries

  • Live x402 funded settle on public testnet is operator-gated.
  • Production rails sit behind a triple-gate operator opt-in.
  • No automatic retry; failed settle is an explicit operator decision.