Skip to content

[codex] refactor gateway paid-request verification flow#235

Draft
AnkanMisra wants to merge 1 commit into
mainfrom
codex/refactor-gateway-paid-request-flow
Draft

[codex] refactor gateway paid-request verification flow#235
AnkanMisra wants to merge 1 commit into
mainfrom
codex/refactor-gateway-paid-request-flow

Conversation

@AnkanMisra

@AnkanMisra AnkanMisra commented Jun 18, 2026

Copy link
Copy Markdown
Owner

What changed

This refactor extracts the shared paid-request verification and paid-response receipt flow out of the gateway's summarize handler and cache-hit path.

It adds a small gateway seam in gateway/payment_flow.go and rewires both handleSummarize and CacheMiddleware to use it.

Why

Before this change, the gateway duplicated the same x402 paid-request steps in two places:

  • header presence checks
  • timestamp parsing and validation
  • verifier timeout / availability mapping
  • verifier business rejection mapping
  • recovered-address validation
  • verification metric bumps
  • paid-response receipt emission

That duplication made the x402 flow harder to change safely and kept too much protocol behavior spread across gateway/main.go and gateway/cache.go.

Impact

  • No intended behavior change to the public API.
  • The unsigned 402 Payment Required path remains unchanged.
  • Cache hits and cache misses now share the same paid-request verification path.
  • The gateway has a cleaner seam for the next pass, which can centralize request-body validation separately.

Validation

  • cd gateway && go test ./... -run 'TestVerifyPaidRequest'
  • cd gateway && go test ./... -run 'TestHandleSummarize_NoHeaders|TestHandleSummarize|TestCacheHit|TestVerifyPaidRequest'
  • cd gateway && go test ./...
  • cd gateway && go vet ./...

Summary by CodeRabbit

Release Notes

  • Refactor

    • Streamlined payment verification and receipt generation with unified validation logic across payment flows.
    • Enhanced error handling for payment-related requests with improved HTTP status codes and user-facing error messages.
  • Tests

    • Added comprehensive test coverage for payment verification workflows, including timeout and error scenarios.

Co-authored-by: codex <codex@users.noreply.github.com>
@coderabbitai

coderabbitai Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 775e80c7-b9bc-4180-8059-ea24c0c6fc5b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • ✅ Review completed - (🔄 Check again to review again)
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/refactor-gateway-paid-request-flow

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@vercel

vercel Bot commented Jun 18, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
microai-paygate Ready Ready Preview, Comment Jun 18, 2026 11:35am

@github-actions github-actions Bot added go Pull requests that update go code type:testing Tests, coverage, fixtures, or validation-only work. labels Jun 18, 2026
@AnkanMisra

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6f7c12b062

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread gateway/main.go
timestampValue, err := strconv.ParseUint(timestampHeader, 10, 64)
if err != nil || timestampValue == 0 {
respondError(c, 400, "invalid_timestamp", fmt.Errorf("invalid X-402-Timestamp header"))
payment, ok := verifyPaidRequest(c)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Validate the body before verifying payment

When CACHE_ENABLED=false (the default path where registerAPIRoutes attaches handleSummarize directly), this now calls verifyPaidRequest before the request body is read and size-limited below. The verifier claims a nonce after any valid signature, so a signed request with an oversized or otherwise unreadable body now gets rejected with 413/500 only after burning the payment nonce and cannot retry that signed payment; before this refactor, the MaxBytesReader body read happened before verifyPayment. Keep the verifier call after the body read/size guard, or split timestamp/header validation from nonce-claiming verification.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

go Pull requests that update go code type:testing Tests, coverage, fixtures, or validation-only work.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant