Cryptographic Billing & Autonomy Controls

Hybrid Middleware (hybrid_auth)

Every query routes through a validation middleware that executes standard token evaluation and seamlessly falls back to x402 web3 gateway routing when pre-paid credits are depleted.

# 1. Standard API Key validation (SHA-256 matching)
token_hash = hashlib.sha256(token.encode('utf-8')).hexdigest()
key_response = supabase.table("api_keys").select("id, tenant_id, is_revoked").eq("key_hash", token_hash).execute()

# 2. Tenancy Status Verification
tenant_response = supabase.table("tenant_agents").select("subscription_status").eq("id", tenant_id).execute()

# 3. Micro-balance Fallback (x402 Gateway Trigger)
if status != "active":
return await verify_x402_payment(request, x_transaction_signature)

x402 Micropayments Cryptographic Verification

When a transaction signature is passed to the x402 gateway, the system executes a trustless on-chain verification sequence:

1. Double-spend check is executed: query x402_transactions for the unique signature.
2. The gateway queries api.mainnet-beta.solana.com via JSON-RPC.
3. Decodes preTokenBalances and postTokenBalances for the treasury owner and USDC mint.
4. Calculates the delta net_received = post_usdc - pre_usdc.
5. Confirms transaction matches the target endpoint cost and burns the signature locally.

Ed25519 Wallet Rotation Verification

The /api/v1/auth/agent/update endpoint validates rotated public key ownership cryptographically to prevent account hijacking:

1. Decode the public key (new_wallet_address) from Base58 (32 bytes).
2. Decode the signature from Base58 or 64-byte hex representation.
3. Validate signature integrity against the public key bytes using cryptography standard Ed25519 routines.
4. Upon successful validation, updates tenant_agents, transfers balance accountability in billing_credits, and writes an audit log to agent_identity_logs.