x402-rack 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd77486c75afc23677145007680438a0a261f168a6314bc5e8038de1429d51b0
-  data.tar.gz: ce8eaeff559f9a7f376991fc33c4233d3c85883e4f71000c4ab609e15fd60eb8
+  metadata.gz: 7c88a0b6770421ac5fa4d83a410a9951f9544af70325fe467bc29676b7d0957f
+  data.tar.gz: b0f8f30ff3a63b6a83794a148e4e8e8aed60555e337c70a6925539147b2a4850
 SHA512:
-  metadata.gz: 9b692baf1bfc107e95dabeed52cb672447e578b25d7d135a2983d9caa61c719ab9b0e4552bf5ea57ccb28d9f0a06b2ab873ced1bbb8630c18d84e63452e2d992
-  data.tar.gz: ecec6258c8b30604a33f4894af7dec5477e929eafc2340a0de88417e2a89f56bb3b8469934c4087c90568f6b9559d89f803cde8ff17aea537aded30df9ed5d26
+  metadata.gz: 8208b0343e9f84a4d7f998a42d574627f92c6457f40a4d8732aa3ed6ff7383789410fc895a43118db49e45bde9a31fb79283524e3b7c4677dcff1465d92119cd
+  data.tar.gz: d65d2ed290d6c097a3a0bccfda18f2634c458e59dace5b4a86ae478616525483adbeb5ba7b62d112f2bfd4475c0a0668772aa1baf2c92e16c52f547bda6f591e

data/.claude/plans/20260326-rack-stack-architecture.md

@@ -302,3 +302,14 @@ The middleware itself has no dependency on `bsv-wallet` or `bsv-sdk`. Only the g
 6. **The client chooses.** Multiple challenge headers, client picks. Payment content negotiation.
 
 7. **State lives on-chain.** No server-side nonce pools, no session tracking, no balance ledgers. The blockchain is the state (with one exception: BRC-105's derivation prefix tracking, which is the BRC-100 wallet's concern).
+
+## Future: Wallet Dashboard UI
+
+A mountable Rack endpoint (e.g. `/wallet`) serving a simple web UI for the server-side wallet. Reads from the same `bsv-wallet` instance the gateways use, providing operator visibility into:
+
+- **Balances** — per-basket totals (nonces, fees, revenue)
+- **Transaction history** — recent actions with labels, status
+- **Output browser** — UTXOs by basket with tags, spendable status
+- **Certificate management** — issued/held certificates
+
+Similar pattern to Sidekiq's web UI or Rails' ActiveStorage dashboard — an optional mountable app that gives operators a window into the wallet without touching the settlement flow. The wallet gem provides the engine; this provides the dashboard. Not a user-facing wallet UI — an operator tool for monitoring and debugging the payment infrastructure.

data/.rubocop.yml

@@ -29,5 +29,8 @@ Metrics/BlockLength:
     - "spec/**/*"
     - "*.gemspec"
 
+Metrics/ClassLength:
+  Enabled: false
+
 Metrics/CollectionLiteralLength:
   Enabled: false

data/CLAUDE.md

@@ -37,6 +37,12 @@ Standard Ruby gem layout generated by `bundle gem`:
 
 - `lib/x402.rb` — main entry point, defines `X402` module
 - `lib/x402/version.rb` — version constant
+- `lib/x402/middleware.rb` — pure dispatcher (no blockchain knowledge)
+- `lib/x402/bsv/gateway.rb` — base class for template-based gateways
+- `lib/x402/bsv/pay_gateway.rb` — Coinbase v2 headers, server broadcasts
+- `lib/x402/bsv/proof_gateway.rb` — merkleworks headers, client broadcasts
+- `lib/x402/bsv/brc105_gateway.rb` — BSV Association BRC-105, BRC-29 derivation (no inheritance from Gateway)
+- `lib/x402/bsv/prefix_store.rb` — pluggable replay protection for BRC-105 derivation prefixes
 - `sig/x402.rbs` — RBS type signatures
 - `x402-rack.gemspec` — gem specification (dependencies defined here, not in Gemfile)
 

data/DESIGN.md

@@ -1,216 +1,52 @@
-# x402-rack Design Notes (DRAFT)
+# x402-rack Design
 
-## Architecture
-
-### Middleware as Dispatcher (`X402::Middleware`)
-
-The Rack middleware is a **pure dispatcher** — the gatekeeper. It has no blockchain knowledge. It:
-
-1. Matches incoming requests against protected routes
-2. Polls each configured gateway for challenge headers, returns all of them in the 402 response
-3. Checks which proof/payment header the client sent, dispatches to the matching gateway
-4. The gateway returns allow/deny — the middleware serves or rejects accordingly
-
-The middleware never decodes transactions, checks mempool, broadcasts, or interacts with any blockchain network. It manages HTTP headers, route matching, and dispatch.
-
-**The gatekeeper MUST NOT sign transactions or hold private keys.**
-
-### Gateways (`X402::BSV::ProofGateway`, `X402::BSV::PayGateway`)
-
-Gateways are pluggable backends that handle chain-specific settlement. They **can** hold keys and sign transactions — they are separate components from the gatekeeper. Each gateway:
-
-- Builds challenge data (including partial transaction templates)
-- Verifies and settles proofs
-- Interacts with ARC and/or a treasury service via the BSV wallet
-
-The gateway interface:
-
-```ruby
-#   #challenge_headers(rack_request, route) → Hash
-#   #proof_header_names → Array<String>
-#   #settle!(header_name, proof_payload, rack_request, route) → result
-```
-
-The boundary test: could someone write `X402::EVM::Gateway` implementing this interface without touching `lib/x402/`? If yes, the separation is correct.
-
-### Multi-Protocol Support
-
-Different x402 ecosystems use different HTTP headers. A server can send **multiple challenge headers** simultaneously — the client picks the one it can satisfy. This is payment content negotiation.
-
-| Scheme | Challenge header | Proof header | Receipt header |
-|--------|-----------------|--------------|----------------|
-| BSV-pay (ours) | `Payment-Required` | `Payment-Signature` | `Payment-Response` |
-| BSV-proof (merkleworks) | `X402-Challenge` | `X402-Proof` | — |
-
-Our PayGateway uses the Coinbase v2 headers (`Payment-*`) — the standard x402 ecosystem language. The ProofGateway uses the merkleworks `X402-*` headers. Header namespaces are reserved per ecosystem: `Payment-*` (Coinbase v2 / ours), `X402-*` (merkleworks), `x-bsv-*` (BRC-105 / BSV Association).
-
-## Unified Template Model
-
-### Both gateways produce partial transaction templates
-
-The challenge includes a **partial transaction template** that the client extends by adding funding inputs (and optionally change outputs). This model unifies the two BSV schemes.
-
-**Base behaviour** (`X402::BSV::Gateway`): build a partial tx with the payment output (amount to payee) and an OP_RETURN request binding output.
-
-**ProofGateway override**: prepends the nonce UTXO input at index 0, signed with `SIGHASH_SINGLE | ANYONECANPAY | FORKID (0xC3)`. This locks the payment output (output 0) while allowing the client to append inputs and outputs freely.
-
-**PayGateway**: inherits the base behaviour. Payment output + OP_RETURN binding, no nonce.
-
-The client's job is identical regardless of scheme: add funding inputs, sign, and either broadcast (BSV-proof) or hand to the server (BSV-pay). The delegator fits the same way in both flows.
-
-### Progressive enhancement via `extra.partialTx`
-
-For the PayGateway's `Payment-Required` challenge (Coinbase v2 format), the partial tx template is carried in the `extra` field of the `accepts` entry:
-
-```json
-{
-  "x402Version": 2,
-  "resource": { "url": "/api/expensive" },
-  "accepts": [
-    {
-      "scheme": "exact",
-      "network": "bsv:mainnet",
-      "amount": "100",
-      "asset": "BSV",
-      "payTo": "1A1zP1...",
-      "maxTimeoutSeconds": 60,
-      "extra": {
-        "partialTx": "<base64 of partial tx template>"
-      }
-    }
-  ]
-}
-```
-
-**Basic client** (any x402 v2 client): ignores `extra.partialTx`, constructs a tx from scratch using `payTo` + `amount`.
+Full documentation is in [`docs/`](docs/). This file serves as an index.
 
-**Smart client** (BSV-aware): reads `extra.partialTx`, extends the template by adding funding inputs and signing.
-
-The template is an optimisation, not a requirement. `payTo` + `amount` are always sufficient.
-
-### Request binding via OP_RETURN
-
-The partial tx template includes an OP_RETURN output binding the payment to the specific request:
-
-```
-Output 0: payment (amount to payee)
-Output 1: OP_RETURN <SHA256(method + path + query)>
-```
-
-At settlement, the gateway recomputes the hash and verifies it matches. Prevents template redirection between endpoints. Cheap (~30 bytes), on-chain, verifiable. Configurable strict/permissive mode.
-
-### Why 0xC3 for the nonce signature
-
-`SIGHASH_SINGLE | ANYONECANPAY | FORKID`:
-- `SIGHASH_SINGLE`: commits only to `output[input_index]` — the nonce at input 0 protects only output 0 (the payment)
-- `ANYONECANPAY`: excludes other inputs — funding and fee inputs can be appended freely
-- `FORKID`: BSV fork ID flag (required)
-
-Using `0xC1` (`SIGHASH_ALL | ANYONECANPAY`) would commit to ALL outputs, breaking extensibility.
-
-## Two BSV Schemes
-
-### BSV-proof (merkleworks x402 spec)
-
-Client broadcasts, server checks mempool. Proof-of-payment model.
-
-**Headers**: `X402-Challenge` / `X402-Proof`
-
-**Challenge**: merkleworks JSON format including a pre-signed partial tx template (Profile B) with nonce UTXO at input 0 signed with `0xC3`, payment output at output 0, plus request binding metadata, expiry, and `require_mempool_accept: true`.
-
-**Settlement**: gateway verifies tx structure, checks nonce spent at input 0, checks payment output, queries ARC for mempool visibility.
-
-**Why client broadcasts** (per Rui at merkleworks): broadcasting is settlement, not authorisation. Server-side broadcast pushes the server towards a stateful payment processor. Client-side broadcast keeps it stateless.
-
-**Requires**: treasury (nonce provision + template signing) + ARC (mempool queries).
-
-### BSV-pay (our BSV-native scheme)
-
-Server broadcasts via ARC. Uses Coinbase v2 header spec.
-
-**Headers**: `Payment-Required` / `Payment-Signature` / `Payment-Response`
-
-**Challenge**: Coinbase v2 `PaymentRequired` with BSV in `accepts` array, `extra.partialTx` carrying the template (payment output + OP_RETURN binding).
-
-**Settlement**: gateway verifies payment output, verifies OP_RETURN binding, broadcasts to ARC (`X-WaitFor: SEEN_ON_NETWORK`, 5s timeout). ARC 200 → allow. ARC error → relay to client.
-
-**No nonces needed**: ARC is the replay gate. Each tx can only be accepted once.
-
-**Requires**: ARC only. No treasury, no nonce provision.
-
-### Comparison
-
-| | BSV-proof (merkleworks) | BSV-pay (ours) |
-|---|---|---|
-| Header spec | Merkleworks `X402-*` | Coinbase v2 `Payment-*` |
-| Challenge header | `X402-Challenge` | `Payment-Required` |
-| Proof header | `X402-Proof` | `Payment-Signature` |
-| Receipt header | — | `Payment-Response` |
-| Template contains | Nonce input (signed 0xC3) + payment output | Payment output + OP_RETURN binding |
-| Who broadcasts | Client | Server (via ARC) |
-| Nonce needed | Yes (challenge binding) | No (ARC is replay gate) |
-| Request binding | Yes (in challenge metadata) | Yes (OP_RETURN in template) |
-| Settlement check | Mempool visibility query | ARC broadcast response |
-| Treasury needed | Yes | No |
-| Minimum infrastructure | Treasury + ARC | ARC only |
-| Ecosystem compatibility | Merkleworks BSV clients | Any x402 v2 client |
+## Architecture
 
-## Component Boundaries
+The middleware is a pure dispatcher — no blockchain knowledge, no keys. Gateways handle settlement.
 
-| Component | Responsibility | Keys? |
-|-----------|---------------|-------|
-| **Gatekeeper** (`X402::Middleware`) | HTTP dispatch, route matching | No — MUST NOT hold keys |
-| **Gateway** (`X402::BSV::*Gateway`) | Challenge templates, settlement, ARC interaction | Via wallet |
-| **BSV Wallet** (`bsv-wallet` gem) | Key management, UTXO tracking, signing | Yes — the security boundary |
-| **Treasury** (wallet role) | Mints nonce UTXOs, signs templates | Via wallet's nonce basket |
-| **Delegator** (separate service) | Adds fee inputs, signs only fee inputs | Yes — but not our concern |
-| **Client** (browser + CWI wallet) | Extends template, signs funding inputs | Yes — client's wallet |
+→ [docs/architecture.md](docs/architecture.md)
 
-### Server-side wallet
+## Settlement Schemes
 
-The `bsv-wallet` gem (in the `sgbett/bsv-ruby-sdk` monorepo) provides a BRC-100 interface. Gateways talk to the wallet exclusively through this API — they never touch keys directly. The wallet is the security boundary.
+Three BSV payment schemes:
 
-One wallet, multiple roles via baskets:
+- **BSV-pay** — server broadcasts via ARC. Coinbase v2 headers. Minimal infrastructure.
+  → [docs/schemes/bsv-pay.md](docs/schemes/bsv-pay.md)
 
-| Role | Basket | Operations |
-|------|--------|------------|
-| Treasury | `x402-nonces` | `createAction` (mint nonces, sign templates), `listOutputs` |
-| Delegator | `x402-fees` | `signAction` (sign fee inputs), `listOutputs` |
-| Payment receipt | `x402-revenue` | `internalizeAction` (accept payments), `listOutputs` |
+- **BSV-proof** — client broadcasts, server checks mempool. Merkleworks headers. Nonce-bound.
+  → [docs/schemes/bsv-proof.md](docs/schemes/bsv-proof.md)
 
-### Dependency chain
+- **BRC-105** — BRC-29 derived addresses, AtomicBEEF transactions. BSV Association headers. Optional BRC-103 auth.
+  → [docs/schemes/brc-105.md](docs/schemes/brc-105.md)
 
-```
-x402-rack (no keys, no wallet dependency in middleware)
-  └── X402::BSV::*Gateway → bsv-wallet (BRC-100 interface)
-                                └── bsv-sdk (primitives)
-```
+## Security
 
-## Ecosystem Context
+HMAC payToSig, nonce provenance verification (0xC3), OP_RETURN binding, threat model.
 
-**Coinbase x402 v2** (broad ecosystem): client signs authorisation, facilitator broadcasts. Headers: `Payment-Required` / `Payment-Signature` / `Payment-Response`.
+→ [docs/security.md](docs/security.md)
 
-**Merkleworks x402** (BSV-specific): client broadcasts, server checks mempool. Headers: `X402-Challenge` / `X402-Proof`.
+## Operations
 
-**BRC-105** (BSV Association BRC, future): mutual auth (BRC-103) + derivation-based payments. Headers: `x-bsv-payment-*`.
+- **Deployment**: configuration, ARC setup, rate limiting → [docs/operations/deployment.md](docs/operations/deployment.md)
+- **Performance**: benchmarks, scaling trade-offs, ARC bottleneck → [docs/operations/performance.md](docs/operations/performance.md)
+- **Treasury**: nonce UTXO lifecycle, expiry, miner sweep → [docs/operations/treasury.md](docs/operations/treasury.md)
 
-Our middleware supports all header conventions via the multi-gateway dispatch model. Our PayGateway speaks the standard Coinbase v2 language, making BSV a first-class citizen in the broader x402 ecosystem.
+## Ecosystem
 
-## Client Side
+Coinbase v2, merkleworks, BRC-105. Header namespaces. Our position.
 
-The x402 flow requires a client that intercepts 402 responses, parses challenges, extends transaction templates, handles fee delegation, and presents proof/payment. This is handled by [`bsv-x402`](https://www.npmjs.com/package/bsv-x402) — a separate JavaScript/TypeScript library ([`sgbett/bsv-x402`](https://github.com/sgbett/bsv-x402) on GitHub).
+→ [docs/ecosystem.md](docs/ecosystem.md)
 
-The client wraps `fetch()` and uses BRC-100 (`window.CWI`) to interact with compliant BSV wallets for transaction construction and signing. See that project's documentation for architecture and integration details.
+## Client Integration
 
-## Current State
+bsv-x402, BRC-100/CWI, BSV Browser, retry logic, fee delegation.
 
-The middleware (`X402::Middleware`), configuration, and protocol layer (challenge/proof structures, request binding, base64url encoding) are implemented. BSV-specific logic currently lives in `X402::Verification::SettlementChecks` and needs to migrate into the gateway classes.
+→ [docs/client-integration.md](docs/client-integration.md)
 
-Next steps:
-1. Extract the gateway interface from the middleware
-2. Implement `X402::BSV::Gateway` base class (payment output + OP_RETURN template)
-3. Implement `X402::BSV::ProofGateway` (merkleworks compatibility)
-4. Implement `X402::BSV::PayGateway` (BSV-native, ARC broadcast, Coinbase v2 headers)
-5. Refactor middleware to multi-gateway dispatch
+## Process Flows
 
-See [`.claude/plans/20260325-bsv-module.md`](.claude/plans/20260325-bsv-module.md) for the detailed implementation plan and [`.claude/plans/20260326-rack-stack-architecture.md`](.claude/plans/20260326-rack-stack-architecture.md) for the full rack stack architecture.
+- **PayGateway**: [docs/process-flow/pay-gateway.md](docs/process-flow/pay-gateway.md)
+- **ProofGateway**: [docs/process-flow/proof-gateway.md](docs/process-flow/proof-gateway.md)
+- **BRC105Gateway**: [docs/process-flow/brc105-gateway.md](docs/process-flow/brc105-gateway.md)

data/README.md

@@ -32,6 +32,12 @@ X402.configure do |config|
     X402::BSV::PayGateway.new(
       arc_url: "https://arc.taal.com",
       arc_api_key: "..."
+    ),
+    # BRC-105 gateway (BSV Association payment protocol)
+    X402::BSV::BRC105Gateway.new(
+      key_deriver: BSV::Wallet::KeyDeriver.new(server_private_key),
+      prefix_store: X402::BSV::PrefixStore::Memory.new,
+      arc_client: arc_client
     )
   ]
 
@@ -49,12 +55,13 @@ use X402::Middleware
 4. Middleware dispatches the proof to the matching gateway for settlement
 5. Gateway verifies and settles — middleware serves or rejects
 
-Two BSV settlement schemes are supported:
+Three BSV settlement schemes are supported:
 
 - **BSV-pay** (Coinbase v2 headers) — server broadcasts via ARC. No nonces, minimal infrastructure.
 - **BSV-proof** (merkleworks x402) — client broadcasts, server checks mempool. Nonce-bound, request-binding.
+- **BRC-105** (BSV Association `x-bsv-*` headers) — BRC-29 key derivation for unique payment addresses. Works standalone or composes with BRC-103 mutual authentication.
 
-Both gateways produce partial transaction templates that clients extend by adding funding inputs. See [DESIGN.md](DESIGN.md) for details.
+BSV-pay and BSV-proof produce partial transaction templates that clients extend. BRC-105 uses a different model — the client builds the entire transaction using BRC-29 derived addresses. See [DESIGN.md](DESIGN.md) for details.
 
 ## Development
 

data/docs/architecture.md

@@ -0,0 +1,119 @@
+# Architecture
+
+## Middleware as Dispatcher (`X402::Middleware`)
+
+The Rack middleware is a **pure dispatcher** — the gatekeeper. It has no blockchain knowledge. It:
+
+1. Matches incoming requests against protected routes
+2. Polls each configured gateway for challenge headers, returns all of them in the 402 response
+3. Checks which proof/payment header the client sent, dispatches to the matching gateway
+4. The gateway returns allow/deny — the middleware serves or rejects accordingly
+
+The middleware never decodes transactions, checks mempool, broadcasts, or interacts with any blockchain network. It manages HTTP headers, route matching, and dispatch.
+
+**The gatekeeper MUST NOT sign transactions or hold private keys.**
+
+## Gateways
+
+Gateways are pluggable backends that handle chain-specific settlement. They **can** hold keys and sign transactions — they are separate components from the gatekeeper. Each gateway:
+
+- Builds challenge data (including partial transaction templates)
+- Verifies and settles proofs
+- Interacts with ARC and/or a treasury service via the BSV wallet
+
+### Gateway Interface
+
+```ruby
+#   #challenge_headers(rack_request, route) → Hash
+#   #proof_header_names → Array<String>
+#   #settle!(header_name, proof_payload, rack_request, route) → result
+```
+
+The boundary test: could someone write `X402::EVM::Gateway` implementing this interface without touching `lib/x402/`? If yes, the separation is correct.
+
+### Built-in Gateways
+
+- **`X402::BSV::PayGateway`** — Coinbase v2 headers, server broadcasts via ARC. See [schemes/bsv-pay.md](schemes/bsv-pay.md).
+- **`X402::BSV::ProofGateway`** — merkleworks headers, client broadcasts, server checks mempool. See [schemes/bsv-proof.md](schemes/bsv-proof.md).
+- **`X402::BSV::BRC105Gateway`** — BSV Association `x-bsv-*` headers, BRC-29 derived addresses, AtomicBEEF transactions. See [schemes/brc-105.md](schemes/brc-105.md).
+
+## Payment Content Negotiation
+
+Different x402 ecosystems use different HTTP headers. A server can send **multiple challenge headers** simultaneously — the client picks the one it can satisfy.
+
+| Scheme | Challenge headers | Proof header | Receipt header |
+|--------|------------------|--------------|----------------|
+| BSV-pay (ours) | `Payment-Required` | `Payment-Signature` | `Payment-Response` |
+| BSV-proof (merkleworks) | `X402-Challenge` | `X402-Proof` | — |
+| BRC-105 (BSV Association) | `x-bsv-payment-satoshis-required`, `x-bsv-payment-derivation-prefix`, `x-bsv-payment-identity-key`* | `x-bsv-payment` | `x-bsv-payment-result` |
+
+\* `x-bsv-payment-identity-key` is omitted when BRC-103 middleware is present upstream.
+
+Header namespaces are reserved per ecosystem:
+- `Payment-*` — Coinbase v2 / our PayGateway
+- `X402-*` — merkleworks / our ProofGateway
+- `x-bsv-*` — BRC-105 / BSV Association (our BRC105Gateway)
+
+## Transaction Models
+
+### Template-based (PayGateway, ProofGateway)
+
+Both template-based gateways produce **partial transaction templates** that the client extends by adding funding inputs (and optionally change outputs).
+
+**Base behaviour** (`X402::BSV::Gateway`): build a partial tx with the payment output (amount to payee) and an OP_RETURN request binding output.
+
+**ProofGateway override**: prepends the nonce UTXO input at index 0, signed with `SIGHASH_SINGLE | ANYONECANPAY | FORKID (0xC3)`. This locks the payment output (output 0) while allowing the client to append inputs and outputs freely.
+
+**PayGateway**: inherits the base behaviour. Payment output + OP_RETURN binding, no nonce.
+
+The client's job is identical for template-based gateways: add funding inputs, sign, and either broadcast (BSV-proof) or hand to the server (BSV-pay).
+
+### Derivation-based (BRC105Gateway)
+
+BRC105Gateway uses a fundamentally different approach — **no partial transaction template**. Instead:
+
+1. The server advertises a derivation prefix (random nonce) and its identity key
+2. The client derives a unique payment address using BRC-29 (BRC-42 key derivation with protocol ID `[2, "3241645161d8"]` and key ID `"#{prefix} #{suffix}"`)
+3. The client builds the entire transaction independently, paying to the derived address
+4. The server re-derives the expected address and verifies the payment output
+
+This eliminates the need for OP_RETURN binding, payTo HMAC, or any shared transaction state. BRC105Gateway does not inherit from `Gateway` — it uses composition via `KeyDeriver`.
+
+### Request Binding via OP_RETURN
+
+```
+Output 0: payment (amount to payee)
+Output 1: OP_RETURN "x402" <SHA256(method + path + query)>
+```
+
+The `x402` protocol tag makes payments discoverable on-chain. The SHA-256 hash binds the payment to the specific HTTP request. Configurable strict/permissive mode.
+
+### Why 0xC3 for the Nonce Signature
+
+`SIGHASH_SINGLE | ANYONECANPAY | FORKID`:
+- `SIGHASH_SINGLE`: commits only to `output[input_index]` — the nonce at input 0 protects only output 0 (the payment)
+- `ANYONECANPAY`: excludes other inputs — funding and fee inputs can be appended freely
+- `FORKID`: BSV fork ID flag (required)
+
+Using `0xC1` (`SIGHASH_ALL | ANYONECANPAY`) would commit to ALL outputs, breaking extensibility.
+
+## Component Boundaries
+
+| Component | Responsibility | Keys? |
+|-----------|---------------|-------|
+| **Gatekeeper** (`X402::Middleware`) | HTTP dispatch, route matching | No — MUST NOT hold keys |
+| **Gateway** (`X402::BSV::*Gateway`) | Challenge templates, settlement, ARC interaction | Via wallet |
+| **BSV Wallet** (`bsv-wallet` gem) | Key management, UTXO tracking, signing | Yes — the security boundary |
+| **Treasury** (wallet role) | Mints nonce UTXOs, signs templates | Via wallet's nonce basket |
+| **Delegator** (separate service) | Adds fee inputs, signs only fee inputs | Yes — but not our concern |
+| **Client** (browser + CWI wallet) | Extends template, signs funding inputs | Yes — client's wallet |
+
+### Dependency Chain
+
+```
+x402-rack (no keys, no wallet dependency in middleware)
+  └── X402::BSV::*Gateway → bsv-wallet (BRC-100 interface)
+                                └── bsv-sdk (primitives)
+```
+
+The middleware itself has no dependency on `bsv-wallet` or `bsv-sdk`. Only the gateway classes do.

data/docs/client-integration.md

@@ -0,0 +1,98 @@
+# Client Integration
+
+## bsv-x402 (JavaScript/TypeScript)
+
+The client library wraps `fetch()` and handles the x402 payment flow transparently:
+
+```js
+import { x402Fetch } from 'bsv-x402'
+
+const response = await x402Fetch('https://api.example.com/paid-endpoint')
+```
+
+When the server responds with `402 Payment Required`, the library:
+
+1. Parses the challenge header (`Payment-Required` or `X402-Challenge`)
+2. Constructs a payment transaction via `window.CWI` (BRC-100 wallet)
+3. Extends the `extra.partialTx` template if present (or builds from scratch)
+4. Broadcasts the transaction (ProofGateway) or hands it to the server (PayGateway)
+5. Retries the original request with the proof header
+
+The app developer just uses `x402Fetch` in place of `fetch`. The UI doesn't flicker — the data just arrives.
+
+**Repository**: [sgbett/bsv-x402](https://github.com/sgbett/bsv-x402)
+**npm**: `bsv-x402`
+
+## BRC-100 and `window.CWI`
+
+[BRC-100](https://github.com/bitcoin-sv/BRCs/blob/master/wallet/0100.md) is a vendor-neutral wallet-to-application interface. Compliant wallets inject a `window.CWI` object into web pages — analogous to `window.ethereum` in the Ethereum ecosystem.
+
+Key methods used by the x402 client:
+- `createAction()` — construct and sign transactions
+- `signAction()` — sign previously created transactions
+- `listOutputs()` — find available UTXOs for funding
+
+Because this uses BRC-100 (not a browser-specific API), it works with any compliant wallet.
+
+## BSV Browser
+
+[BSV Browser](https://github.com/bsv-blockchain/bsv-browser) is the reference BRC-100 wallet implementation. It exposes `window.CWI` and is the primary target for testing the end-to-end flow.
+
+The planned integration path:
+1. User visits a site protected by x402-rack
+2. BSV Browser's `window.CWI` is available
+3. `bsv-x402` intercepts the 402 and calls `CWI.createAction()`
+4. Payment happens seamlessly — the user sees the content load
+
+## Client Behaviour by Scheme
+
+### BRC105Gateway (BRC-105)
+
+1. Client receives `x-bsv-payment-satoshis-required`, `x-bsv-payment-derivation-prefix`, and `x-bsv-payment-identity-key` headers
+2. Client chooses a random derivation suffix
+3. Derives payment address using BRC-29: `KeyDeriver.derive_public_key([2, "3241645161d8"], "#{prefix} #{suffix}", server_identity_key)`
+4. Builds a transaction paying to the derived P2PKH address
+5. Encodes the transaction as AtomicBEEF (BRC-95), base64
+6. Sends `x-bsv-payment` header with JSON: `{ "derivationPrefix": "...", "derivationSuffix": "...", "transaction": "<base64 AtomicBEEF>" }`
+7. Server verifies derivation, broadcasts via ARC, returns `x-bsv-payment-result`
+
+**BRC-103 authenticated mode**: the client already has the server's identity key from the BRC-103 handshake — the `x-bsv-payment-identity-key` header is omitted. The client's authenticated identity key is used as the BRC-29 counterparty, binding the payment to the mutual-auth session.
+
+**BRC-100 wallet integration**: BRC-105 clients can use `wallet.createAction()` to build the transaction and `wallet.internalizeAction()` on the server to process it. The derivation prefix/suffix flow integrates natively with BRC-100's payment handling.
+
+### PayGateway (BSV-pay)
+
+1. Client receives `Payment-Required` header
+2. Reads `extra.partialTx` template (if present)
+3. Extends template with funding inputs, signs
+4. Sends `Payment-Signature` header with the raw tx
+5. Server broadcasts via ARC
+6. Client receives 200 + `Payment-Response` receipt
+
+**On failure**: present "payment failed, retry?" option to the user. This is the simple deployment path.
+
+### ProofGateway (BSV-proof)
+
+1. Client receives `X402-Challenge` header
+2. Reads `partial_tx_b64` template (Profile B, if present)
+3. Extends template with funding inputs, signs
+4. **Broadcasts the transaction to the BSV network**
+5. Sends `X402-Proof` header with txid + rawtx
+6. Server checks mempool, serves content
+
+**On failure**: implement automatic retry logic. The client has already broadcast — the tx is either in mempool or it isn't. Retry the proof submission if the first attempt was a timing issue.
+
+This is the enterprise path — the client handles broadcasting, the server stays stateless.
+
+## Fee Delegation
+
+For clients that don't hold BSV (zero-preload), a delegator service adds fee inputs:
+
+1. Client constructs partial tx (payment output only, no fee inputs)
+2. Client signs with `SIGHASH_ALL | ANYONECANPAY | FORKID` (`0xC1`)
+3. Client sends partial tx to the delegator
+4. Delegator appends fee inputs, signs only its fee inputs
+5. Delegator returns completed transaction
+6. Client proceeds with normal proof/payment flow
+
+The delegator is between the client and the network — the server never talks to it. BSV transaction fees are negligible (1-50 sats), so fee delegation is a convenience, not a requirement.

data/docs/ecosystem.md

@@ -0,0 +1,83 @@
+# Ecosystem
+
+## x402 Implementations
+
+Three x402 ecosystems exist with different conventions. Our middleware supports all of them via the multi-gateway dispatch model.
+
+### Coinbase x402 v2 (broad ecosystem)
+
+- **Headers**: `Payment-Required` / `Payment-Signature` / `Payment-Response`
+- **Flow**: client signs authorisation → facilitator broadcasts (verify → serve → settle)
+- **Replay protection**: chain-native (EIP-712 nonces, Solana blockhash)
+- **Request binding**: resource URL only (no method/path/query hash)
+- **Multi-chain**: `accepts` array for multi-chain/multi-scheme negotiation
+- **Spec**: https://docs.x402.org
+- **Our PR**: https://github.com/coinbase/x402/pull/1844 (BSV scheme spec)
+
+### Merkleworks x402 (BSV-specific)
+
+- **Headers**: `X402-Challenge` / `X402-Proof`
+- **Flow**: client broadcasts → server checks mempool (proof-of-payment)
+- **Replay protection**: 1-sat nonce UTXO (single-spend at consensus layer)
+- **Request binding**: strong (method, path, query, headers hash, body hash)
+- **Spec**: https://github.com/ruidasilva/merkleworks-x402-spec
+- **Reference impl**: https://github.com/merkleworks/x402-bsv
+
+### BRC-105 (BSV Association BRC)
+
+- **Headers**: `x-bsv-payment-version` / `x-bsv-payment-satoshis-required` / `x-bsv-payment-derivation-prefix` / `x-bsv-payment`
+- **Flow**: authenticated (BRC-103/104) payment with derivation-based unique addresses
+- **Replay protection**: server-tracked derivation prefixes (server-side state)
+- **Identity**: requires BRC-103 mutual authentication (but could work without — see below)
+- **Spec**: https://github.com/bitcoin-sv/BRCs/blob/master/payments/0105.md
+
+## Header Namespace Reservations
+
+| Namespace | Ecosystem |
+|-----------|-----------|
+| `Payment-*` | Coinbase v2 / our PayGateway |
+| `X402-*` | Merkleworks / our ProofGateway |
+| `x-bsv-*` | BRC-105 / BSV Association |
+
+These namespaces must not overlap. When designing new headers or gateway types, check which namespace the target ecosystem uses.
+
+## Our Position
+
+Our PayGateway implements the Coinbase v2 header spec with BSV as the settlement network. This makes BSV a first-class citizen in the broader x402 ecosystem — any Coinbase-compatible server or client can interoperate with us.
+
+We also support merkleworks via a separate ProofGateway that uses the `X402-*` headers.
+
+Our BRC105Gateway implements the BSV Association's native payment protocol using `x-bsv-*` headers, enabling interoperability with BRC-100 wallets and the broader BSV ecosystem tooling.
+
+Coinbase will likely gatekeep BSV from their ecosystem — our conformance is about making it easy for others to integrate BSV as a supported network.
+
+## BRC-105: Standalone and Authenticated Modes
+
+BRC-105 assumes BRC-103/104 mutual authentication, but `BRC105Gateway` supports both modes:
+
+### Standalone mode (no BRC-103)
+
+The gateway advertises its identity key in the `x-bsv-payment-identity-key` challenge header. The client uses this for BRC-29 key derivation. Counterparty is `"anyone"` — anonymous payments similar to PayGateway but using BSV-native headers.
+
+- No handshake required
+- Transport security handled by TLS
+- Replay protection via server-tracked derivation prefixes
+
+### Authenticated mode (with BRC-103 middleware)
+
+When BRC-103 middleware is present upstream in the Rack stack, the gateway reads the client's authenticated identity key from `env['brc103.identity_key']` and uses it as the BRC-29 derivation counterparty. The identity key challenge header is omitted (the client already has the server's key from the BRC-103 handshake).
+
+- Full BRC-105 compliance
+- Payment bound to authenticated identity
+- Stronger replay protection (session nonces + prefix tracking)
+
+The gateway detects the mode automatically — no configuration change required. This allows composing `BRC103Middleware + BRC105Gateway` for the full authenticated flow, or using `BRC105Gateway` alone for the simpler anonymous path.
+
+## Related Projects
+
+- **x402-rack** (this gem): server-side Rack middleware
+- **bsv-x402** (npm): client-side fetch wrapper ([sgbett/bsv-x402](https://github.com/sgbett/bsv-x402))
+- **bsv-sdk** (gem): BSV primitives — keys, transactions, scripts, ARC
+- **bsv-wallet** (gem): BRC-100 wallet interface
+- **BSV Browser**: BRC-100 wallet with `window.CWI` ([bsv-blockchain/bsv-browser](https://github.com/bsv-blockchain/bsv-browser))
+- **402index.io**: x402 endpoint aggregator with payment flow examples