Defer x402 middleware setup to injection time; unify facilitator_url#58
Merged
kylexqian merged 7 commits intofeat/coingecko-opg-price-feedfrom Apr 21, 2026
Merged
Conversation
Previously the x402 payment middleware (facilitator, server, routes, session store) was created at module load using a hardcoded FACILITATOR_URL, which meant the URL couldn't be injected at runtime and the middleware was never actually wired into Flask's request chain (application.run() bypassed _payment_mw entirely). Changes: - Move all x402 setup into _init_payment_middleware(facilitator_url), called once from set_provider_keys(). Uses application.wsgi_app = mw (the standard Flask WSGI middleware pattern) so all requests flow through payment checking after injection. - Accept a single `facilitator_url` field in POST /v1/keys, used for both x402 payment verification and the heartbeat relay. Removes the separate `heartbeat_facilitator_url` field. - Fallback chain: injection payload → FACILITATOR_URL env var → definitions.py hardcoded default. - Update run-enclave.sh: HEARTBEAT_FACILITATOR_URL → FACILITATOR_URL, heartbeat_facilitator_url JSON key → facilitator_url. - Update definitions.py comment to document the full precedence chain. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
FACILITATOR_URL in definitions.py already reads from os.getenv, so the middle step was always superseded by the final fallback. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
kylexqian
force-pushed
the
claude/eager-cerf-7b7ff0
branch
from
3ff7060 to
9be9517
Compare
PaymentMiddleware.__init__ does app.wsgi_app internally, so it needs the full Flask application object. Passing application.wsgi_app (a plain function) caused AttributeError. payment_middleware captures the inner wsgi_app by value at creation time, so setting application.wsgi_app = mw afterwards is safe and does not create a circular reference. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PaymentMiddleware.__init__ already does app.wsgi_app = self._wsgi_middleware internally. Our manual application.wsgi_app = mw was overwriting that bound method with the bare PaymentMiddleware instance (which has no __call__), causing TypeError on every request. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adjusts the TEE gateway’s x402 integration so the facilitator URL can be provided at runtime (via /v1/keys) and used consistently for both x402 payment verification and the heartbeat relay configuration.
Changes:
- Defers construction of x402 facilitator/server/routes/session store until runtime injection time.
- Unifies the injected configuration to a single
facilitator_urlused by both x402 and heartbeat. - Updates the enclave run script to inject
facilitator_urlderived fromFACILITATOR_URLin.env.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
tee_gateway/definitions.py |
Clarifies facilitator URL precedence and documents runtime injection. |
tee_gateway/__main__.py |
Moves x402 initialization into an injection-time initializer and unifies facilitator URL usage. |
scripts/run-enclave.sh |
Renames env/config wiring to FACILITATOR_URL → facilitator_url and updates injection payload. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add comment explaining why payment_middleware return value is discarded (PaymentMiddleware self-wires via app.wsgi_app in __init__) - Fix run-enclave.sh heartbeat status message: condition on HEARTBEAT_CONTRACT_ADDRESS alone, with a nested check for FACILITATOR_URL to distinguish injected vs enclave-default URL Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
adambalogh
approved these changes
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously the x402 payment middleware (facilitator, server, routes, session store) was created at module load using a hardcoded FACILITATOR_URL, which meant the URL couldn't be injected at runtime and the middleware was never actually wired into Flask's request chain (application.run() bypassed _payment_mw entirely).
Changes:
facilitator_urlfield in POST /v1/keys, used for both x402 payment verification and the heartbeat relay. Removes the separateheartbeat_facilitator_urlfield.