tempo-x402-node 1.6.0

Self-deploying x402 node: gateway + identity bootstrap + clone orchestration
tempo-x402-node-1.6.0 is not a library.

Clients sign EIP-712 payment authorizations, servers gate content behind 402 responses, and a facilitator settles payments on-chain via transferFrom — all in a single request/response cycle. The facilitator holds no user funds; it only has approval to call transferFrom on behalf of clients who have explicitly approved it.

Nodes are autonomous agents — they bootstrap their own identity, run a gateway, think via an LLM-powered soul, create services, clone themselves, and coordinate with peers.

Payment flow

Client                     Server                    Facilitator               Chain
  |  GET /resource           |                            |                      |
  |------------------------->|                            |                      |
  |  402 + price/token/to    |                            |                      |
  |<-------------------------|                            |                      |
  |  [sign EIP-712]          |                            |                      |
  |  GET /resource           |                            |                      |
  |  + PAYMENT-SIGNATURE     |                            |                      |
  |------------------------->|  POST /verify-and-settle   |                      |
  |                          |--------------------------->|  transferFrom()      |
  |                          |                            |--------------------->|
  |                          |         settlement result  |              tx hash |
  |                          |<---------------------------|<---------------------|
  |  200 + content + tx hash |                            |                      |
  |<-------------------------|                            |                      |
  1. Client requests a protected endpoint
  2. Server responds 402 with pricing (token, amount, recipient)
  3. Client signs an EIP-712 PaymentAuthorization, retries with PAYMENT-SIGNATURE header
  4. Facilitator atomically verifies signature, checks balance/allowance/nonce, calls transferFrom
  5. Server returns content + transaction hash

Quick start

cargo add tempo-x402

Make a paid request

use alloy::signers::local::PrivateKeySigner;
use x402::client::{TempoSchemeClient, X402Client};

#[tokio::main]
async fn main() {
    let signer: PrivateKeySigner = "0xYOUR_PRIVATE_KEY".parse().unwrap();
    let client = X402Client::new(TempoSchemeClient::new(signer));

    let (response, settlement) = client
        .fetch("https://your-gateway.example.com/g/my-api/data", reqwest::Method::GET)
        .await
        .unwrap();

    println!("{}", response.text().await.unwrap());
    if let Some(s) = settlement {
        println!("tx: {}", s.transaction.unwrap_or_default());
    }
}

Monetize any API

No code changes needed — the gateway proxies requests and handles payment:

# Register an endpoint
curl -X POST https://your-gateway.example.com/register \
  -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: <base64-payment>" \
  -d '{"slug": "my-api", "target_url": "https://api.example.com", "price": "$0.05"}'

# Clients pay through the gateway
curl https://your-gateway.example.com/g/my-api/users/123 \
  -H "PAYMENT-SIGNATURE: <base64-payment>"

Target APIs receive verification headers: X-X402-Verified, X-X402-Payer, X-X402-Amount, X-X402-TxHash.

Workspace

crates/
  tempo-x402/               Core library: types, EIP-712, TIP-20, nonce store, wallet, client SDK
  tempo-x402-gateway/       API gateway + embedded facilitator + payment middleware
  tempo-x402-identity/      Wallet generation, persistence, faucet, on-chain ERC-8004 identity
  tempo-x402-soul/          Autonomous cognition: plan-driven execution, neuroplastic memory, coding agent
  tempo-x402-node/          Self-deploying node: gateway + identity + soul + clone orchestration
  tempo-x402-app/           Leptos WASM dashboard (not published)
  tempo-x402-security-audit/  Security invariant tests (not published)
Crate Purpose Install
tempo-x402 Core — types, EIP-712 signing, TIP-20, nonce store, HMAC, WASM wallet, client SDK cargo add tempo-x402
tempo-x402-gateway API gateway with embedded facilitator, proxy routing, endpoint registration cargo add tempo-x402-gateway
tempo-x402-identity Agent identity — wallet generation, persistence, faucet, ERC-8004 cargo add tempo-x402-identity
tempo-x402-soul Autonomous soul — plan-driven execution, neuroplastic memory, Gemini-powered coding agent cargo add tempo-x402-soul
tempo-x402-node Self-deploying node — composes gateway + identity + soul + Railway clone orchestration cargo add tempo-x402-node

Feature flags

Crate Flag Description
tempo-x402 full (default) All features: async runtime, SQLite, HTTP client
tempo-x402 wasm WASM-compatible subset: types, EIP-712, wallet
tempo-x402 demo Demo private key for testing
tempo-x402-identity erc8004 (default) On-chain agent identity via ERC-8004
tempo-x402-node soul (default) Autonomous thinking loop
tempo-x402-node agent (default) Railway clone orchestration

Autonomous nodes

Nodes are self-managing agents that:

  • Bootstrap identity — generate wallet, fund via faucet, register on-chain
  • Run a gateway — serve endpoints, process payments, proxy upstream APIs
  • Think autonomously — plan-driven execution loop powered by Gemini with neuroplastic memory
  • Write code — read, write, edit files, run shell commands, commit, push, open PRs
  • Create services — script endpoints exposing the node's capabilities
  • Clone themselves — spawn copies on Railway infrastructure
  • Coordinate with peers — discover siblings, exchange endpoint catalogs, call paid services
  • Evolve via fitness — 5-component fitness score (economic, execution, evolution, coordination, introspection) with trend gradient

Gateway API

Method Path Auth Description
POST /register Platform fee Register a new endpoint
GET /endpoints Free List all active endpoints
GET/PATCH/DELETE /endpoints/:slug Owner Get, update, or deactivate an endpoint
ANY /g/:slug/* Endpoint price Proxy to target API
GET /analytics Free Per-endpoint payment stats
GET /instance/info Free Node identity, peers, fitness, endpoints
POST /instance/link Free Link an independent peer node
GET /soul/status Free Soul status, active plan, recent thoughts
POST /soul/chat Free Chat with the node's soul
POST /soul/nudge Free Send a nudge to the soul
GET /health Free Health check
GET /metrics Bearer token Prometheus metrics

Network
Chain Tempo Moderato (Chain ID 42431)
Token pathUSD 0x20c0000000000000000000000000000000000000 (6 decimals)
Scheme tempo-tip20
RPC https://rpc.moderato.tempo.xyz
Explorer https://explore.moderato.tempo.xyz

Prerequisites

# Fund your wallet with testnet pathUSD
cast rpc tempo_fundAddress 0xYOUR_ADDRESS --rpc-url https://rpc.moderato.tempo.xyz

# Approve the facilitator to spend your tokens
cargo run --bin x402-approve

Or programmatically:

use x402::tip20;
tip20::approve(&provider, token, facilitator_address, amount).await?;

Environment variables

Variable Used by Description
EVM_ADDRESS gateway Payment recipient address
EVM_PRIVATE_KEY client Client wallet private key
FACILITATOR_PRIVATE_KEY gateway, node Facilitator wallet key
FACILITATOR_SHARED_SECRET gateway HMAC shared secret for request auth
RPC_URL all Tempo RPC endpoint
GEMINI_API_KEY node Gemini API key (soul is dormant without it)
SOUL_CODING_ENABLED node Enable code write/edit/commit tools (false)
SOUL_FORK_REPO node Fork repo for soul push (e.g. user/tempo-x402)
SOUL_UPSTREAM_REPO node Upstream repo for PRs/issues
AUTO_BOOTSTRAP node Generate identity + wallet on startup
RAILWAY_TOKEN node Railway API token for clone orchestration

See each crate's CLAUDE.md for the full list.

Security

The tempo-x402-security-audit crate enforces invariants on every build:

  • No hardcoded private keys in production code
  • HMAC verification uses constant-time comparison (subtle crate)
  • All reqwest clients disable redirects (SSRF protection)
  • Webhook URLs require HTTPS with private IP blocking
  • HTTP error responses never leak internal details
  • SQLite nonce store required in production
  • Parameterized SQL queries only
  • Private keys never appear in tracing output

Additional hardening: EIP-2 high-s rejection, per-payer mutex locks against TOCTOU, nonces claimed before transferFrom (never released on failure), integer-only token arithmetic, SSRF protection with DNS validation, atomic slug reservation.

Live nodes

Node URL
x402-alpha https://x402-alpha-production.up.railway.app
soul-bot https://soul-bot-production.up.railway.app

Health: GET /health — Info: GET /instance/info

Development

cargo build --workspace
cargo test --workspace
cargo clippy --workspace -- -D warnings
cargo fmt --all -- --check

License

MIT