Reference implementation of x402-BSV — stateless settlement-gated HTTP protocol over BSV
x402-bsv is an early-stage Go project in the AI payments / x402 ecosystem. It currently has 3 GitHub stars and 1 forks.
x402 uses HTTP 402 to require verifiable economic settlement before executing a request. Payment replaces identity: no accounts, no API keys, no subscriptions. The server issues a challenge, the client settles on-chain, and the proof unlocks the resource.
This repository is the reference implementation of the x402 protocol (v1.0, frozen). It enforces stateless verification, deterministic request binding, and on-chain settlement gating. The implementation has been validated through strict conformance audit, adversarial execution testing, and cross-language vector verification.
| Protocol specification | merkleworks-x402-spec (authoritative) |
| Reference implementation | this repository |
| Spec version | 1.0 (frozen) |
When implementation behavior diverges from the specification, the specification prevails.
x402 interoperability is defined by canonical test vectors. Independent implementations MUST reproduce these vectors byte-for-byte. Deviation indicates non-compliance with x402 v1.0.
# Local demo (zero-config: generates keys, in-memory pools, mock broadcaster)
make demo
# Or Docker demo (zero-config: generates keys, then runs gateway + delegator + Redis)
make docker-demo
# Or production deploy (requires .env — run `make setup` or `go run ./cmd/keygen` first)
make deploy
curl -i http://localhost:8402/v1/expensive
Expected response:
HTTP/1.1 402 Payment Required
X402-Challenge: eyJhbW91bnRfc2F0cyI6MTAwLC...
X402-Accept: bsv-tx-v1
The X402-Challenge header contains a base64url-encoded JSON challenge object. The server requires 100 satoshis to unlock /v1/expensive.
Open the Developer Playground at http://localhost:8402 and click Run Full Flow. The playground executes all six protocol steps:
X402-Proof headerExpected final result: HTTP 200 OK with the protected resource.
Client Server
| |
| GET /v1/expensive |
|------------------------------>|
| |
| 402 + X402-Challenge |
|<------------------------------|
| |
| [construct tx, sign, broadcast, build proof]
| |
| GET /v1/expensive |
| X402-Proof: <base64url> |
|------------------------------>|
| |
| 200 OK |
|<------------------------------|
X402-Challenge header containing the payment terms: amount, payee script, nonce UTXO, request binding hashes, and expiry.X402-Proof header containing the transaction, request binding, and challenge reference. Server verifies statelessly and serves the resource.The server does not trust the client. All verification is performed independently from the proof and on-chain data.
require_mempool_accept is true (default), the server verifies mempool acceptance before serving the resource. No execution occurs on pending or failed transactions.The file testdata/x402-vectors-v1.json contains 9 canonical test vectors. These vectors are normative -- they define the interoperability contract for x402 v1.0. All base64 encodings use base64url (RFC 4648, no padding). See VECTORS.md for the full specification.
Verify with Go:
go test ./internal/challenge/ -run TestVectors -v
Verify with Python (zero dependencies):
python3 testdata/verify_vectors.py
Expected: VERDICT: PASS -- all 25 checks passed
internal/gatekeeper/ Middleware: challenge issuance, proof verification, replay protection
internal/challenge/ Challenge struct, canonical JSON (RFC 8785), hashing, binding verification
internal/feedelegator/ Fee delegation: adds miner-fee inputs, signs only its own inputs
internal/pool/ UTXO pool management (nonce, fee, payment) — Redis or in-memory
internal/replay/ LRU replay detection cache (defence-in-depth, not a correctness gate)
internal/broadcast/ BSV transaction broadcasting (GorillaPool ARC, WhatsOnChain, mock)
cmd/server/ Gateway server (HTTP, middleware, dashboard, embedded delegator)
cmd/client/ CLI client (full 402 flow: challenge → tx → delegate → broadcast → proof)
cmd/vecgen/ Canonical test vector generator
client-js/ TypeScript client library (@merkleworks/x402-client)
dashboard/ React developer playground and monitoring dashboard
testdata/ Canonical test vectors, Python verifier, documentation
postman/ Postman collections for manual protocol testing
| Suite | Location | Purpose |
|---|---|---|
| Canonical JSON + vectors | internal/challenge/*_test.go |
RFC 8785 compliance, golden hash, vector consumption |
| Middleware + verification | internal/gatekeeper/middleware_test.go |
Replay rejection, tampered output/script detection |
| Adversarial | internal/gatekeeper/adversarial_test.go |
Binding replay, concurrent duplicate, mempool edge cases |
| E2E protocol flow | internal/gatekeeper/e2e_test.go |
Full 7-step flow, challenge round-trip, proof round-trip |
| Proof parsing | internal/gatekeeper/proof_test.go |
Format validation, required fields, status code mapping |
| Cross-language | testdata/verify_vectors.py |
Independent Python verification of all vectors |
Run all protocol tests:
go test ./internal/challenge/ ./internal/gatekeeper/ ./internal/replay/ -v
cp .env.example .env
# Edit .env — see comments for all options
Key variables:
| Variable | Required | Description |
|---|---|---|
XPRIV |
yes | BIP32 extended private key (HD wallet) |
BROADCASTER |
yes | mock (demo), woc (WhatsOnChain), composite (GorillaPool + WoC) |
FEE_RATE |
yes | Fee rate in sat/byte (BSV standard: 0.001) |
BSV_NETWORK |
no | mainnet or testnet (default: testnet) |
PORT |
no | HTTP port (default: 8402) |
REDIS_ENABLED |
no | true for persistent UTXO pools (default: false) |
Full configuration reference: docs/configuration.md
make build # Build server + client binaries
make test # Run all tests
make verify # Lint + test (pre-commit gate)
make demo # Start in demo mode (mock broadcaster, in-memory pools)
make client # Run CLI client against local server
Builds from tag v1.0.1-bsv-fix are deterministic given the same Go version and platform:
git checkout v1.0.1-bsv-fix
CGO_ENABLED=0 go build -o bin/x402-server ./cmd/server
docker build -t x402-gateway:v1.0.1 .
The x402 protocol specification (v1.0) is frozen. Changes to this implementation must preserve:
testdata/x402-vectors-v1.json must not change)If a change alters canonical encoding or verification behavior, it must be accompanied by updated test vectors and cross-language verification.
WhatsOnChain (WoC) UTXO endpoint:
200 with [] = valid address with no unspent outputs.200 with [{...}] = valid unspent output list.404 = endpoint failure or invalid route. MUST be treated as error. The watcher MUST NOT silently clear UTXOs on 404.Implementations MUST preserve exact value conservation in transaction construction. Any remainder MUST be represented as a change output when >= 1 sat. No value may be implicitly discarded into transaction fees. BSV does not enforce a dust threshold.
| Document | Description |
|---|---|
| Architecture | Components, settlement flow, key concepts |
| Configuration | Environment variables and .env setup |
| API Reference | Endpoints, headers, request/response formats |
| Deployment | Demo, Docker, production checklist |
| Testing | Test suites, Postman collections |
| Troubleshooting | Common issues and fixes |
| Transaction Guarantees | Value conservation, change rules, fee model |
| Operations | Deploy, verify, troubleshoot, restart |
| Audit Reference | Invariants, security posture, test coverage |
| Document | Description |
|---|---|
| Protocol | Specification hierarchy and protocol overview |
| Governance | Authority model and contribution policy |
| Contributing | Development setup and PR process |
| Security | Vulnerability reporting |
| Changelog | Release history |
This release removes all BTC-era dust threshold assumptions and enforces BSV-correct transaction economics:
total_inputs = total_outputs + fee + change)This version (v1.0.1-bsv-fix) is considered economically correct and production-stable. All transaction value flows are explicit, deterministic, and fully tested.
Apache License 2.0 -- see LICENSE.
Your AI trading terminal assistant for US stocks, commodities, forex, and crypto.
Golang SDK for A2A Protocol
Publishes localhost services to the agentic web through self-hostable, trustless relays with x402 payments.
Building blocks for Agentic payments (x402, MPP, AP2) for TypeScript, Rust, Go, Python, Ruby, PHP, Lua, Kotlin and Swift.
Building blocks for Agentic payments (x402, MPP, AP2) for TypeScript, Rust, Go, Python, Ruby, PHP, Lua, Kotlin and Swift.
Go implementation of the x402 payment protocol