The reference implementation currently uses a structural stub for x402 payment verification — it validates receipt shape (chain, currency, amount) but does not confirm on-chain settlement against an EVM RPC.
Replacing the stub requires choosing a trust model. The options as we see them:
Third-party RPC (Alchemy, Infura, etc.) — lowest implementation friction, but introduces an external dependency and a trust assumption that conflicts with the self-hosted, minimal-trust philosophy of the reference implementation.
Self-hosted EVM node — no external trust, but operationally heavy. Reasonable for a production deployment; probably too much for a reference implementation to mandate.
Signed proof / attestation — the payer provides a cryptographic proof of settlement that the server can verify without an RPC call. Cleanest for agents. Not yet standardised in x402 itself.
Light client / SPV-style — verify just enough of the chain state to confirm settlement without a full node. Theoretically attractive, practically immature for EVM.
We want to avoid picking a trust model in the reference implementation before the community has weighed in, since the choice will influence what MDF recommends (or leaves open) in the spec.
Questions for the community:
- What trust model are you using or planning to use for x402 settlement verification?
- Is there appetite in the x402 ecosystem for a signed proof / attestation approach that eliminates the RPC dependency?
- Should MDF remain agnostic here and let deployers configure their RPC, or should we recommend a default?
Tracking this as an open design question. Implementation of real verification is blocked on resolution.
The reference implementation currently uses a structural stub for x402 payment verification — it validates receipt shape (chain, currency, amount) but does not confirm on-chain settlement against an EVM RPC.
Replacing the stub requires choosing a trust model. The options as we see them:
Third-party RPC (Alchemy, Infura, etc.) — lowest implementation friction, but introduces an external dependency and a trust assumption that conflicts with the self-hosted, minimal-trust philosophy of the reference implementation.
Self-hosted EVM node — no external trust, but operationally heavy. Reasonable for a production deployment; probably too much for a reference implementation to mandate.
Signed proof / attestation — the payer provides a cryptographic proof of settlement that the server can verify without an RPC call. Cleanest for agents. Not yet standardised in x402 itself.
Light client / SPV-style — verify just enough of the chain state to confirm settlement without a full node. Theoretically attractive, practically immature for EVM.
We want to avoid picking a trust model in the reference implementation before the community has weighed in, since the choice will influence what MDF recommends (or leaves open) in the spec.
Questions for the community:
Tracking this as an open design question. Implementation of real verification is blocked on resolution.