Every x402 settlement in this repo carries a ZK proof bundle in PAYMENT-RESPONSE: issuer identity, payment settlement, and data integrity, independently verifiable. Live on Base Sepolia.

(Recap: x402 is Coinbase's revival of HTTP 402. Server returns 402, client signs an EIP-3009 USDC auth on Base, retries with PAYMENT-SIGNATURE, facilitator settles. Spec: https://x402.org)

I'm the CTO of FRAME00. We've been building Lemma, a document oracle that binds ZK attribute proofs to on-chain Merkle commitments. Three weeks ago I started asking whether the same proof bundle could ride inside an x402 round trip instead of a separate verification step. This repo is the answer.

The gap x402 leaves: the server gets a wallet address and a tx hash. It doesn't know who authorized the payment, under what policy, or whether the data arrives intact. As agents become the payer, a wallet address is an anonymous primitive, not a principal.

What this adds to the x402 flow:

  Phase 1  Agent hits any x402-protected endpoint with @x402/fetch.
           -> standard 402 with accepts[]. Nothing Lemma-specific.
  Phase 2  Wallet signs EIP-3009 USDC auth, retries with
           PAYMENT-SIGNATURE, facilitator settles.
           -> PAYMENT-RESPONSE carries extensions.lemma =
              { proof, inputs, circuitId, generatedAt }.
              A registered x402 extension, not a sidecar.
  Phase 3  Agent checks SHA-256(body) against
           attributes.integrity in the proof. No round trip.
  Phase 4  POST /query for BBS+ selective disclosure. Released
           only when the caller's x402 payment satisfies
           condition.circuitId = "x402-payment-v1" -- today this
           is API-level access gating; the binding is moving
           into the BBS+ challenge itself (see below).

The demo wraps Phase 1 in a free GET /article returning an X-Lemma-Attestation header pointing at /verify/:hash. Point @x402/fetch at any paid resource directly and Phase 1 is just standard 402.

Server side is a drop-in for @x402/hono:

  import { paymentMiddleware, x402ResourceServer,
           ExactEvmScheme } from "@lemmaoracle/x402";

  const server = new x402ResourceServer(facilitatorClient)
    .register("eip155:84532", new ExactEvmScheme());
  app.use("*", paymentMiddleware(routes, server));

paymentMiddleware auto-attaches a hook that writes extensions.lemma into PAYMENT-RESPONSE. Route handlers don't change.

Agent side uses stock @x402/fetch; no Lemma SDK on the client:

  const x402Fetch = wrapFetchWithPayment(fetch, client);
  const res = await x402Fetch(`${WORKER_URL}/example/verify/${hash}`);
  const settle = JSON.parse(atob(res.headers.get("PAYMENT-RESPONSE")));
  // settle.extensions.lemma = { proof, inputs, circuitId }

What this doesn't claim:

  * Data source is not on-chain. We bind SHA-256 of the body
    to a chain commitment; not authorship.
  * The issuer's BBS+ key is the trust anchor. Identity,
    settlement, and integrity proofs are independent.
  * Facilitator is a liveness dependency (x402 design).
    Fail-closed. Swap or self-host any x402-compatible one.

What is shipping next:

  * Agent-side identity. did:key -> agentId with role, scope,
    spendLimit. Lifts the paying wallet from anonymous
    primitive to verifiable principal.
  * Cryptographic settlement binding. Today condition.circuitId
    is enforced at the API layer; the BBS+ proof itself
    verifies offline once obtained. We are folding the x402
    settlement record into the BBS+ challenge so re-use
    without a fresh payment becomes infeasible at the
    proof layer.

Both are on-axis with the thesis: payment is the trigger; verifiable trust rides on top.

Repo: https://github.com/lemmaoracle/example-x402 x402 SDK: https://www.npmjs.com/package/@lemmaoracle/x402 Lemma SDK: https://www.npmjs.com/package/@lemmaoracle/sdk

Questions on the circuit layer, BBS+ binding, or DID roadmap welcome.

AI's Economics Don't Make Sense

Show HN: Interactive site for learning sailing physics

Possible Apple Weather Outage

How the Eighty Years' War Freed the Netherlands from Spanish Rule

Longest Straight Stretch of a Road

Understanding the LLM Bubble

Illegal vs. Unwanted States

People Using AI to Represent Themselves in Court Are Clogging the System

US Ends Investigation into Claims WhatsApp Chats Aren't Private

Stelae – €19.90/year WordPress, exported to static HTML

The Rise and Fall of 'Petty Tyrants'

Fake Switch 2 cartridges are making it onto Amazon

Show HN: Ragnerock, an AI data analysis tool

Bitboard chess AI, 8051 Space Invaders, and 8 more projects from my CS degree

Apple Vision Pro Used in World-First Cataract Surgery

Filmmakers Drop Piracy Liability Lawsuit Against ISP RCN

VPS Reviews

The AI Flippening Is Here

Show HN: Decaf – rewrites webpage comments using on-device Gemini Nano

LLM Budget Guard – open-source runtime cutoff for OpenAI/Anthropic

Geosmin: The distinct earthy or musty odor

Laguna XS.2 and Laguna M.1 by Poolside

Greece to ban anonymity on social media

Creating a Color Palette from an Image

Ask HN: Is it just me or is Claude Code getting worst?

Union accuses Apple of unlawful discrimination against represented workers

Supabase is patching defaults fast; here's the audit that drove it – DIE ZEIT

Show HN: Credit card super app – track credits, find lounges, add offers (iOS)

My Nix Config Is Intimate

Show HN: We put ZK attribute proofs inside x402 payment headers

Ask HN: Books for LLMs