x402-proxy
Health Uyari
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Uyari
- process.env — Environment variable access in packages/x402-proxy/src/bin/cli.ts
- process.env — Environment variable access in packages/x402-proxy/src/commands/claude.ts
- network request — Outbound network request in packages/x402-proxy/src/commands/fetch.ts
- process.env — Environment variable access in packages/x402-proxy/src/commands/mcp-add.ts
Permissions Gecti
- Permissions — No dangerous permissions requested
This is a CLI and MCP proxy server that enables automated cryptocurrency payments (USDC) for HTTP 402 paid API endpoints and AI agent tools. It bridges traditional web requests with blockchain payment protocols on Base, Solana, and Tempo without requiring users to write crypto-specific code.
Security Assessment
Overall risk: Medium. The tool inherently makes outbound network requests to facilitate API connections and process payments. It relies on environment variables, which is standard practice, but it also automatically generates and stores a crypto wallet locally (`~/.config/x402-proxy/wallet.json`). This means it handles sensitive financial data and private keys. The code does not appear to request dangerous system permissions or execute arbitrary hidden shell commands, but users must trust the proxy with their funds and API routing. No hardcoded secrets were detected.
Quality Assessment
The repository is licensed under the permissive and standard Apache-2.0 license. Development appears highly active, with the most recent code push occurring just today. However, the project currently has extremely low community visibility with only 5 GitHub stars, meaning it has not been broadly vetted by the open-source community.
Verdict
Use with caution — the code is active and transparent, but extremely low community adoption combined with the handling of automated financial transactions warrants a careful security review before connecting it to your AI workflows.
curl for x402 and MPP paid APIs. CLI + MCP proxy that auto-pays any endpoint on Base, Solana, and Tempo. Zero crypto code on the buyer side.
x402-proxy
curl for x402 and MPP paid APIs. Auto-pays HTTP 402 responses with USDC on Base, Solana, and Tempo - zero crypto code on the buyer side. Supports one-time payments (x402, MPP charge) and pay-per-token streaming (MPP sessions).
Quick Start
npx x402-proxy https://surf.cascade.fyi/api/v1/twitter/user/openclaw
That's it. The endpoint returns 402, x402-proxy pays and streams the response.
No wallet? It'll walk you through setup automatically. One mnemonic derives both EVM (Base/Tempo) and Solana keypairs. Fund any chain and go.
MCP Proxy
Let your AI agent consume any paid MCP server.
Quick setup
npx x402-proxy mcp add surf https://surf.cascade.fyi/mcp
Auto-detects installed AI clients (Claude Code, Cursor, VS Code, and 16+ others), shows a config preview, and writes it for you. Runs wallet setup if needed.
Manual config
Or add to your client config directly:
{
"mcpServers": {
"surf": {
"command": "npx",
"args": ["-y", "x402-proxy", "mcp", "https://surf.cascade.fyi/mcp"]
}
}
}
The proxy auto-generates a wallet on first run and uses ~/.config/x402-proxy/wallet.json. No env vars needed. Your agent never touches crypto.
For OpenClaw:
openclaw mcp set surf '{"command":"npx","args":["-y","x402-proxy","mcp","https://surf.cascade.fyi/mcp"]}'
HTTP Requests
Works like curl. Response body streams to stdout, payment info goes to stderr.
# GET request
$ npx x402-proxy https://surf.cascade.fyi/api/v1/twitter/user/openclaw
# POST with body and headers (curl-style short flags: -X, -H, -d)
$ npx x402-proxy -X POST \
-H "Content-Type: application/json" \
-d '{"url":"https://x402.org"}' \
https://surf.cascade.fyi/api/v1/web/crawl
# Force a specific network
$ npx x402-proxy --network base https://api.example.com/data
# Debug protocol negotiation and payment flow
$ npx x402-proxy --verbose https://api.example.com/data
# Use MPP protocol for streaming payments
$ npx x402-proxy --protocol mpp \
-X POST -H "Content-Type: application/json" \
-d '{"model":"minimax/minimax-m2.5","stream":true,"messages":[{"role":"user","content":"Hello"}]}' \
https://surf.cascade.fyi/api/v1/inference/v1/chat/completions
# Pipe-safe
$ npx x402-proxy https://api.example.com/data | jq '.results'
Commands
$ npx x402-proxy <url> # paid HTTP request (default command)
$ npx x402-proxy serve # local paid inference proxy server
$ npx x402-proxy claude # run Claude Code through a paid local proxy
$ npx x402-proxy mcp <url> # MCP stdio proxy for agents
$ npx x402-proxy mcp add <name> <url> # install MCP server into your AI client
$ npx x402-proxy setup # onboarding wizard
$ npx x402-proxy status # config + wallet + spend summary
$ npx x402-proxy config # show current configuration
$ npx x402-proxy config set <key> <value> # set a config value
$ npx x402-proxy config unset <key> # remove a config value
$ npx x402-proxy wallet # show addresses and balances
$ npx x402-proxy wallet history # payment history
$ npx x402-proxy wallet export-key <target> # bare key/mnemonic to stdout (evm|solana|mnemonic)
All commands support --help for details. Use -c <dir> to override the config directory.
Wallet
A single BIP-39 mnemonic derives both chains:
- Solana: SLIP-10 Ed25519 at
m/44'/501'/0'/0' - EVM: BIP-32 secp256k1 at
m/44'/60'/0'/0/0
Config stored at $XDG_CONFIG_HOME/x402-proxy/ (default ~/.config/x402-proxy/).
Export keys for other tools
# Pipe-safe - outputs bare key/mnemonic to stdout
$ MY_KEY=$(npx x402-proxy wallet export-key evm)
$ MY_MNEMONIC=$(npx x402-proxy wallet export-key mnemonic)
Env Vars
Override wallet per-instance (fallback for environments where the wallet file isn't accessible):
X402_PROXY_WALLET_MNEMONIC # BIP-39 mnemonic (derives both chains)
X402_PROXY_WALLET_EVM_KEY # EVM private key (hex)
X402_PROXY_WALLET_SOLANA_KEY # Solana private key (base58)
Resolution order: flags > env vars > mnemonic env > wallet.json file.
Library Usage
import {
createX402ProxyHandler,
createMppProxyHandler,
extractTxSignature,
detectProtocols,
appendHistory,
readHistory,
calcSpend,
} from "x402-proxy";
See the library API docs for details.
OpenClaw Plugin
The OpenClaw plugin now ships as a separate npm package: x402-proxy-openclaw.
openclaw plugins install x402-proxy-openclaw
It gives your gateway automatic x402 and MPP payment capabilities. Registers x_wallet and x_request tools (aliased as x_balance/x_payment), /x_wallet and /x_send commands, and an HTTP route proxy for upstream inference endpoints.
By default, the plugin registers a built-in surf provider at /x402-proxy/v1 that points at https://surf.cascade.fyi/api/v1/inference and prefers MPP. Uses the standard wallet resolution (env vars or wallet.json).
For MPP-backed inference, make sure the wallet source includes an EVM key as well as Solana. npx x402-proxy setup does this automatically.
License
Apache-2.0
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi