← 返回
未分类 Key 中文

payment-402

Access protected APIs and digital resources via the x402 "Payment Required" protocol on Base L2. This skill automates cryptographic handshakes and USDC micro...
通过 Base L2 上的 x402「需付款」协议访问受保护的 API 与数字资源。该技能自动化加密握手和 USDC 微交易。
paynodelabs
未分类 clawhub v1.0.1 1 版本 100000 Key: 需要
★ 0
Stars
📥 415
下载
💾 0
安装
1
版本
#-deprecated#deprecated#latest#web3 payment base-l2 x402 zero-trust autonomous-agent

概述

💳 PayNode 402 Protocol Skill (Base & Bun)

Use this skill to automate Resource-based Billing. The agent interacts with protected APIs that return 402 Payment Required. Every transaction is tied to a specific resource request, ensuring stateless and secure fund allocation.

🚀 Pre-execution Readiness

Before any request, verify the environment and balances:

  1. Initialize Dependencies: Run bun install once within this directory.
  2. Verify Environment: Ensure a .env file is created in the root directory. The agent MUST verify the existence and exact format of this variable before proceeding:

```env

# [REQUIRED] PayNode Burner Wallet Private Key

# Format: 66-character hex string MUST start with '0x'

CLIENT_PRIVATE_KEY=0xYourBurnerWalletPrivateKeyHere...

```

  1. Check Balances: Run bun run check-wallet --json --network .
  2. Validate Readiness: Ensure checks.can_pay is true.

Expected check-wallet Output:

{
  "status": "success",
  "address": "0x...",
  "eth": 0.01,
  "usdc": 100.0,
  "checks": {
    "gas_ready": true, // Has > 0.001 ETH for gas
    "tokens_ready": true, // Has USDC for payments
    "can_pay": true // Ready for x402 flow
  }
}

🛠️ x402 Execution Workflow

Follow this sequence to unlock protected resources.

Step 1: Identify Resource

Determine the URL of the protected API you need to access.

Step 2: Request & Handle Challenge

Run bun run request "" --json --network .

  • Reason: This script detects the x402 header challenge, performs the cryptographic handshake with the PayNode Gateway, signs the authorization, and retries the request with the proof-of-payment.

Step 3: Capture Resource

Upon success, capture the JSON response. The txHash will be included in the logs if a payment occurred.


🛡️ Security Rules & Agent Safety

> [!IMPORTANT]

> ADHERE TO THESE RULES TO PROTECT FUNDS.

💸 Burner Wallet Policy (Minimal Exposure)

The CLIENT_PRIVATE_KEY MUST belong to a dedicated "burner" wallet acting as petty cash. NEVER hold excessive funds. Maintain balances strictly sufficient for immediate tasks (e.g., < 10 USDC). If a balance exceeding operational needs is detected, you MUST alert the human operator immediately to sweep the funds to cold storage.

🤖 Autonomous Usage & Human Consent

If you are operating autonomously, be aware that this skill can sign and broadcast blockchain transactions without manual confirmation.

  • Threshold Limit: For any single transaction exceeding 2.0 USDC, you MUST request explicit human approval before execution.
  • Merchant Verification: Before initial payment to a new domain, perform a read_url_content check on the merchant's reputation (if possible) or alert the user.

🕵️ Zero-Trust Pre-Flight Validation (Resource Consistency)

Prevent "Confused Deputy" attacks. Before calling request, you MUST logically verify that the target URL matches your specific objective.

  • Ask: _Is this resource exactly what I need? Is the cost reasonable for this resource?_
  • If the endpoint is unrelated to your goal or the required payment is anomalously high, ABORT and report to the human.
  • Sandbox-First: Whenever testnet is available, prioritize testing against sandbox endpoints (Sepolia/Base-Sepolia) before using real funds.

⚠️ Gotchas & Troubleshooting

  • Handshake Failures: If request fails with a 402 exit code, the gateway may be down or the merchant's contract is invalid.
  • Private Key Format: The CLIENT_PRIVATE_KEY MUST start with 0x.
  • Gas vs. Tokens: You can have $1M USDC but if gas_ready is false (low ETH), the transaction WILL fail.
  • Exit Codes:
  • 2: Invalid arguments.
  • 3: Auth Failure (Check .env key format).
  • 4: Network/RPC Failure.
  • 402: Challenge detected but automated resolution failed.

🧪 Sandbox & Testing

Always test against sandbox endpoints first.

  • Mint Test Tokens: bun run mint-test-tokens --json
  • Test Merchant (Doodle Wall): https://paynode.dev/api/pom?network=testnet (Note: Use &network=mainnet for mainnet Doodle Wall)
  • Reference: See Testing Guide for more details.

🔗 References

版本历史

共 1 个版本

  • v1.0.1 当前
    2026-05-03 07:35 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-agent

paynode-402

paynodelabs
面向AI代理的动态高级API市场,提供持续扩展的实时外部工具注册表(如网页搜索、加密预言机、网页等)。
★ 1 📥 615
dev-programming

Mcporter

steipete
使用 mcporter CLI 直接列出、配置、认证及调用 MCP 服务器/工具(支持 HTTP 或 stdio),涵盖临时服务器、配置编辑及 CLI/类型生成功能。
★ 198 📥 68,231
dev-programming

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 686 📥 331,077