tempo-x402-node 1.8.0

Self-deploying x402 node: gateway + identity bootstrap + clone orchestration
tempo-x402-node-1.8.0 is not a library.

Each node bootstraps its own wallet, runs a payment gateway, thinks via an LLM-powered soul, creates and monetizes services, clones itself onto new infrastructure, and coordinates with peers — all autonomously. Payments use the HTTP 402 protocol: clients sign EIP-712 authorizations, and a facilitator settles on-chain via transferFrom in a single request/response cycle. No custody. No middlemen.

What a node does

  • Bootstraps identity — generates a wallet, funds itself via faucet, registers on-chain via ERC-8004
  • Runs a payment gateway — endpoints are gated by price, paid per-request with pathUSD
  • Thinks autonomously — plan-driven execution loop powered by Gemini with neuroplastic memory
  • Writes code — reads, writes, edits files, runs shell commands, commits, pushes, opens PRs
  • Creates services — script endpoints that expose capabilities and earn revenue
  • Clones itself — spawns copies on Railway infrastructure via a paid /clone endpoint
  • Coordinates with peers — discovers siblings, exchanges brain weights and lessons, calls paid endpoints
  • Evolves via fitness — 5-component fitness score (economic, execution, evolution, coordination, introspection) with trend gradient

How payments work

Client                     Gateway                   Facilitator               Chain
  |  GET /g/endpoint         |                            |                      |
  |------------------------->|                            |                      |
  |  402 + price/token/to    |                            |                      |
  |<-------------------------|                            |                      |
  |  [sign EIP-712]          |                            |                      |
  |  GET /g/endpoint         |                            |                      |
  |  + PAYMENT-SIGNATURE     |                            |                      |
  |------------------------->|  verify-and-settle         |                      |
  |                          |--------------------------->|  transferFrom()      |
  |                          |                            |--------------------->|
  |                          |         settlement result  |              tx hash |
  |                          |<---------------------------|<---------------------|
  |  200 + content + tx hash |                            |                      |
  |<-------------------------|                            |                      |
  1. Client requests a gated endpoint → gets 402 with pricing
  2. Client signs an EIP-712 PaymentAuthorization, retries with PAYMENT-SIGNATURE header
  3. Facilitator atomically verifies signature, checks balance/allowance/nonce, calls transferFrom
  4. Gateway returns content + transaction hash

Quick start

cargo add tempo-x402

use alloy::signers::local::PrivateKeySigner;
use x402::client::{TempoSchemeClient, X402Client};

#[tokio::main]
async fn main() {
    let signer: PrivateKeySigner = "0xYOUR_PRIVATE_KEY".parse().unwrap();
    let client = X402Client::new(TempoSchemeClient::new(signer));

    let (response, settlement) = client
        .fetch("https://soul-bot-production.up.railway.app/g/info", reqwest::Method::GET)
        .await
        .unwrap();

    println!("{}", response.text().await.unwrap());
    if let Some(s) = settlement {
        println!("tx: {}", s.transaction.unwrap_or_default());
    }
}

Workspace

Crate Purpose Install
tempo-x402 Core — types, EIP-712 signing, TIP-20, nonce store, WASM wallet, client SDK cargo add tempo-x402
tempo-x402-gateway Payment gateway with embedded facilitator, proxy routing, endpoint registration cargo add tempo-x402-gateway
tempo-x402-identity Agent identity — wallet generation, persistence, faucet, ERC-8004 cargo add tempo-x402-identity
tempo-x402-soul Autonomous soul — plan-driven execution, neural brain, Gemini-powered coding agent cargo add tempo-x402-soul
tempo-x402-node Self-deploying node — composes gateway + identity + soul + clone orchestration cargo add tempo-x402-node

Feature flags

Crate Flag Description
tempo-x402 full (default) All features: async runtime, SQLite, HTTP client
tempo-x402 wasm WASM-compatible subset: types, EIP-712, wallet
tempo-x402 demo Demo private key for testing
tempo-x402-identity erc8004 (default) On-chain agent identity via ERC-8004
tempo-x402-node soul (default) Autonomous thinking loop
tempo-x402-node agent (default) Railway clone orchestration

API

Method Path Auth Description
ANY /g/:slug/* Endpoint price Proxy to target — the core payment gate
GET /instance/info Free Node identity, peers, fitness, endpoints
POST /instance/link Free Link an independent peer node
DELETE /instance/peer/:id Bearer token Remove a peer
GET /endpoints Free List all active endpoints
GET /analytics Free Per-endpoint payment stats
GET /soul/status Free Soul status, active plan, recent thoughts
POST /soul/chat Free Chat with the node's soul
POST /soul/nudge Free Send a nudge to the soul
POST /clone Clone price Spawn a new node instance
GET /health Free Health check
GET /metrics Bearer token Prometheus metrics

Network
Chain Tempo Moderato (Chain ID 42431)
Token pathUSD 0x20c0000000000000000000000000000000000000 (6 decimals)
Scheme tempo-tip20
RPC https://rpc.moderato.tempo.xyz
Explorer https://explore.moderato.tempo.xyz

Live nodes

Node URL Dashboard
soul-bot https://soul-bot-production.up.railway.app Dashboard
soul-bot-2 https://soul-bot-2-production.up.railway.app Dashboard

Security

The tempo-x402-security-audit crate enforces invariants on every build:

  • No hardcoded private keys in production code
  • HMAC verification uses constant-time comparison (subtle crate)
  • All reqwest clients disable redirects (SSRF protection)
  • Webhook URLs require HTTPS with private IP blocking
  • HTTP error responses never leak internal details
  • SQLite nonce store required in production
  • Parameterized SQL queries only
  • Private keys never appear in tracing output

Additional hardening: EIP-2 high-s rejection, per-payer mutex locks against TOCTOU, nonces claimed before transferFrom (never released on failure), integer-only token arithmetic, atomic slug reservation.

Development

cargo build --workspace
cargo test --workspace
cargo clippy --workspace -- -D warnings
cargo fmt --all -- --check

License

MIT