x402 Policy Integration

x402 payments are policy-sensitive because an agent may sign an authorization that a facilitator settles later. Cortex verifies merchant, service, facilitator, amount, replay state, and the quote-bound payment payload hash before signing.

Pre-Sign Checks

  • Merchant and service are registered, active, and hash-matched to the catalog.
  • Facilitator, token, network, amount, and daily budget are allowed by policy.
  • The normalized x402 payload hash equals the quote's x402PayloadHash.
  • The signed payment hash has not already been recorded.

Normalizer

POST /x402/normalize accepts a single payment requirement or an accepts[] container, maps common x402 field names into a Cortex envelope, and returns the canonical hash.

{
  "schema": "cortex.x402-payment-requirement.v1",
  "scheme": "exact",
  "network": "base-sepolia",
  "pay_to": "0x...",
  "asset": "0x...",
  "amount": "1000000",
  "resource": "https://merchant.example/api/report",
  "method": "POST",
  "facilitator_url": "https://facilitator.example",
  "nonce": "quote-001"
}

Agent Flow

  1. Fetch the merchant quote response.
  2. Extract the payment requirement returned by the x402 endpoint or facilitator.
  3. Normalize and hash the requirement locally or through the hosted API.
  4. Compare the returned hash with the quote's x402PayloadHash.
  5. Run policy checks, then sign only if both hash and policy pass.
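The normalizer and the pre-sign steps above, worked through as an added Python example that is not Cortex's own code: the field mapping, the canonical form (sorted-key JSON hashed with SHA-256), the policy layout, the use of the requirement hash as the replay key, and the sample payload are all assumptions or constructed values.

```python
import hashlib
import json

SCHEMA = "cortex.x402-payment-requirement.v1"
# Assumed mapping of common x402 requirement field names onto the Cortex envelope.
FIELD_MAP = {"scheme": "scheme", "network": "network", "resource": "resource",
             "method": "method", "nonce": "nonce", "asset": "asset",
             "payTo": "pay_to", "pay_to": "pay_to",
             "maxAmountRequired": "amount", "amount": "amount",
             "facilitatorUrl": "facilitator_url", "facilitator_url": "facilitator_url"}
REQUIRED = ("scheme", "network", "pay_to", "asset", "amount", "resource")

def normalize(payload: dict) -> dict:
    # One requirement or the first accepts[] entry; unmapped fields are dropped.
    req = payload["accepts"][0] if "accepts" in payload else payload
    env = {"schema": SCHEMA}
    env.update({dst: str(req[src]) for src, dst in FIELD_MAP.items() if src in req})
    missing = [k for k in REQUIRED if k not in env]
    if missing:
        raise ValueError(f"requirement missing fields: {missing}")
    return env

def canonical_hash(env: dict) -> str:
    # Assumed canonical form: sorted keys, no whitespace, SHA-256 hex digest.
    return hashlib.sha256(json.dumps(env, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

def pre_sign_check(payload: dict, quote_hash: str, policy: dict, seen: set):
    # Returns (ok, detail); hash equality is checked before any policy rule.
    env = normalize(payload)
    h = canonical_hash(env)
    if h != quote_hash:
        return False, "payload hash does not match quote x402PayloadHash"
    if env.get("facilitator_url") not in policy["facilitators"]:
        return False, "facilitator not allowlisted"
    if env["network"] not in policy["networks"]:
        return False, "network not allowed by policy"
    if int(env["amount"]) > policy["max_amount"]:
        return False, "amount exceeds policy limit"
    if h in seen:  # assumption: the requirement hash doubles as the replay key
        return False, "replay: payment hash already recorded"
    seen.add(h)
    return True, h

# Constructed sample: an accepts[] container using x402-style camelCase names.
SAMPLE = {"accepts": [{"scheme": "exact", "network": "base-sepolia",
    "maxAmountRequired": "1000000", "payTo": "0xMERCHANT_PLACEHOLDER",
    "asset": "0xASSET_PLACEHOLDER", "resource": "https://merchant.example/api/report",
    "method": "POST", "facilitatorUrl": "https://facilitator.example",
    "nonce": "quote-001", "description": "report"}]}  # description is unmapped
POLICY = {"facilitators": {"https://facilitator.example"}, "networks": {"base-sepolia"}, "max_amount": 5_000_000}
```

Because the envelope is rebuilt from a fixed field list, key order, whitespace and unmapped decoration in the merchant's response do not move the hash, while any change to a mapped value fails the quote comparison before the agent signs.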

Remaining Work

  • Scheme-specific signature verification for EIP-3009 and Permit2.
  • Facilitator settlement reconciliation for receipts.
  • Production facilitator domain and settlement address allowlists.