The security layer your agent needs — x402 payment middleware
Project description
DoorNo.402
DoorNo.402 is a security middleware for x402 payment requests. It sits between your agent and the payment, validates the request against known attack patterns, and blocks anything suspicious.
The problem
The x402 specification enables autonomous payments but lacks a native trust model. When an agent requests a resource, any server can return an HTTP 402 demanding payment. Because the server controls both the description and the required amount, it can lie about the price, inject malicious prompts into the description, or redirect funds to an unknown wallet. Without a security layer, your agent will blindly sign and execute whatever the server demands.
Install
For Python:
pip install doorno402
For TypeScript:
npm install doorno402
Quickstart — Python
from doorno402 import protect, PaymentBlockedError
from x402.clients.httpx import x402HttpxClient
from eth_account import Account
account = Account.from_key(private_key)
client = protect(x402HttpxClient(account=account))
try:
resp = await client.get("https://api.example.com/data")
except PaymentBlockedError as e:
print("Payment blocked:", e.result)
Quickstart — TypeScript
import { protect, PaymentBlockedError } from "doorno402"
const safeFetch = protect(fetch)
try {
const resp = await safeFetch("https://api.example.com/data")
} catch (e) {
if (e instanceof PaymentBlockedError) {
console.log("Payment blocked:", e.result)
}
}
What it catches
| # | Vulnerability | Attack | Status |
|---|---|---|---|
| 01 | Price Inflation | Server claims $0.01, charges $5 | Covered |
| 02 | Unknown Recipient | No ENS, zero trust score | Covered |
| 03 | Redirect Hijack | Payment redirected to attacker | Covered |
| 04 | Prompt Injection | LLM override in description | Covered |
| 05 | Budget Drain | Rapid micro-payments | Covered |
| 06 | TLS Downgrade | Payment over HTTP | Covered |
| 07 | Fake Delivery | Empty response after payment | Covered |
Configuration
When calling protect(), you can supply the following configuration parameters to customize the security thresholds:
daily_budget: (float) The maximum cumulative USD amount the agent is allowed to spend in a 24-hour window. Defaults to 0.50.mainnet_rpc_url: (str) The RPC URL used for resolving ENS names and calculating recipient trust scores.raise_on_block: (bool) If true, the middleware throws an exception/error when a payment is blocked. If false, it returns a mutated 403 Forbidden HTTP response.
How it works
DoorNo.402 acts as a transparent proxy around your HTTP client. When your agent makes a request that results in a 402 Payment Required response, the middleware intercepts the response before your agent sees it. It parses the payment payload and runs it through a strict 7-stage validation pipeline. If all checks pass, the response is forwarded to the agent for execution. If any check fails, the pipeline halts immediately and raises an error, ensuring no transaction is ever signed.
KeeperHub integration
DoorNo.402 provides native integration for KeeperHub's MCP client. Since KeeperHub handles the execution, DoorNo.402 sits directly in front of the execution tool to validate the workflow payload before it reaches the KeeperHub infrastructure.
import { interceptAndForward } from "doorno402/mcp"
import { keeperHubClient } from "./agent"
const safeClient = interceptAndForward(keeperHubClient)
await agent.run(safeClient)
Running the demo
The repository includes a comprehensive test suite demonstrating the vulnerabilities against 6 live simulated attack servers.
- Start the malicious servers:
npm install
node demo/servers/cryptoinsider/server.js &
node demo/servers/chainpulse/server.js &
# (repeat for blockbrief, nodetimes, web3daily, combo)
- Run the unprotected agent to observe the attacks succeeding:
python demo/agent/unprotected_demo.py
- Run the protected agent to observe DoorNo.402 blocking the attacks:
python demo/agent/multi_demo.py
Project structure
sdk/python/— Python middleware implementationsdk/ts/— TypeScript middleware implementationdemo/servers/— 6 simulated attack servers (Express)demo/agent/— Multi-server test scripts demonstrating the pipelinedemo/landing/— Project landing page source
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file doorno402-0.3.0.tar.gz.
File metadata
- Download URL: doorno402-0.3.0.tar.gz
- Upload date:
- Size: 14.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b4f5ce12af0e6c12c2a16cfa514b236e4d6073d34e673b00a8639766a540b9d9
|
|
| MD5 |
098384243ba2a8f83eb7b268dc2983c3
|
|
| BLAKE2b-256 |
6a65d3e94d98c63d7080340a0a7e32c01f318033fd0e973a89ef832fb4dc5508
|
File details
Details for the file doorno402-0.3.0-py3-none-any.whl.
File metadata
- Download URL: doorno402-0.3.0-py3-none-any.whl
- Upload date:
- Size: 14.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2fb5690bca660dcb4e257b8712d21ce6e07de373c4a605b4711b6f16ea495493
|
|
| MD5 |
0b69748cb5b188c5faef1613dc073b3a
|
|
| BLAKE2b-256 |
e888ebfda054805670751e1abc7c1e50d1fe41aeacc03dae062bd80c640b6ba8
|
