Follow-up from the PR #5 receipt-QA pass.
Before x402 Base mainnet receipt verification is used for automated product access or delivery links, I would make the production cutover fail closed on these points:
- Require explicit production
AWM_X402_TREASURY; do not rely on the default fallback for mainnet payment instructions.
- Product fulfillment must pin
recipient == payment.x402.payTo, exact positive amount.raw, and networkCaip2 == eip155:8453; generic read-only verification with recipient override should not be enough to issue access.
- Keep
consume=true disabled for production fulfillment until the local JSON receipt store is replaced by durable atomic storage, or wire a shared Redis/Postgres/KV SET-NX-style guard.
- Document and enforce a Base confirmation/finality threshold before a receipt becomes consumable.
- Keep platform/WAF/shared rate limiting in front of the in-process limiter.
Acceptance checks:
- Missing production treasury config fails closed.
- Same
paymentRef cannot issue access twice.
- Same tx/log with a different quote/customer/request returns conflict before fulfillment.
- Product access rejects a verified transfer to any recipient other than the advertised
payTo.
- Product access rejects zero or amountless receipts.
- Finality threshold is documented and covered by a test or deployment checklist.
QA packet: #5 (comment)
Follow-up from the PR #5 receipt-QA pass.
Before x402 Base mainnet receipt verification is used for automated product access or delivery links, I would make the production cutover fail closed on these points:
AWM_X402_TREASURY; do not rely on the default fallback for mainnet payment instructions.recipient == payment.x402.payTo, exact positiveamount.raw, andnetworkCaip2 == eip155:8453; generic read-only verification withrecipientoverride should not be enough to issue access.consume=truedisabled for production fulfillment until the local JSON receipt store is replaced by durable atomic storage, or wire a shared Redis/Postgres/KV SET-NX-style guard.Acceptance checks:
paymentRefcannot issue access twice.payTo.QA packet: #5 (comment)