paynode-sdk-python 1.4.0__py3-none-any.whl → 2.1.0__py3-none-any.whl

paynode_sdk/middleware.py

@@ -1,4 +1,7 @@
 import time
+import base64
+import json
+import logging
 from typing import Optional, Callable, Any
 from fastapi import Request, Response
 from fastapi.responses import JSONResponse
@@ -14,6 +17,8 @@ from .constants import (
 
 from starlette.middleware.base import BaseHTTPMiddleware
 
+logger = logging.getLogger("paynode_sdk.middleware")
+
 class PayNodeMiddleware(BaseHTTPMiddleware):
     def __init__(
         self,
@@ -27,7 +32,8 @@ class PayNodeMiddleware(BaseHTTPMiddleware):
         decimals: int = BASE_USDC_DECIMALS,
         rpc_urls: list | str = BASE_RPC_URLS,
         store: Optional[IdempotencyStore] = None,
-        generate_order_id: Optional[Callable[[Request], str]] = None
+        generate_order_id: Optional[Callable[[Request], str]] = None,
+        **kwargs
     ):
         super().__init__(app)
         # The Verifier holds the state of the idempotency store
@@ -41,62 +47,107 @@ class PayNodeMiddleware(BaseHTTPMiddleware):
         self.chain_id = chain_id
         self.generate_order_id = generate_order_id or (lambda r: f"agent_py_{int(time.time() * 1000)}")
 
-        # Calculate raw amount (integer)
-        self.amount_int = int(float(price) * (10 ** decimals))
+        # DEV-2 FIX: Avoid float precision risks by using integer arithmetic or decimal string parsing
+        if "." in price:
+            parts = price.split(".")
+            integer_part = parts[0]
+            fraction_part = parts[1][:decimals].ljust(decimals, "0")
+            self.amount_int = int(integer_part + fraction_part)
+        else:
+            self.amount_int = int(price) * (10 ** decimals)
+        self.description = kwargs.get('description', "Protected Resource")
+        self.max_timeout_seconds = kwargs.get('max_timeout_seconds', 3600)
 
     async def dispatch(self, request: Request, call_next):
-        receipt_hash = request.headers.get('x-paynode-receipt')
-        order_id = request.headers.get('x-paynode-order-id')
+        v2_payload_header = request.headers.get('X-402-Payload')
+        order_id = request.headers.get('X-402-Order-Id')
 
         if not order_id:
             order_id = self.generate_order_id(request)
 
-        # Phase 1: Handshake (402 Payment Required)
-        if not receipt_hash:
-            headers = {
-                'x-paynode-contract': self.contract_address,
-                'x-paynode-merchant': self.merchant_address,
-                'x-paynode-amount': str(self.amount_int),
-                'x-paynode-currency': self.currency,
-                'x-paynode-token-address': self.token_address,
-                'x-paynode-chain-id': str(self.chain_id),
-                'x-paynode-order-id': order_id,
-            }
-            return JSONResponse(
-                status_code=402,
-                headers=headers,
-                content={
-                    "error": "Payment Required",
-                    "code": ErrorCode.missing_receipt,
-                    "message": "Please pay to PayNode contract and provide 'x-paynode-receipt' header.",
-                    "amount": self.price,
-                    "currency": self.currency
-                }
-            )
+        # Handle x402 v2 Unified Payload
+        unified_payload = None
+        if v2_payload_header:
+            try:
+                unified_payload = json.loads(base64.b64decode(v2_payload_header.encode()).decode())
+            except Exception as e:
+                logger.error(f"❌ [PayNode-Middleware] Failed to decode X-402-Payload header: {e}")
 
-        # Phase 2: On-chain Verification
-        result = await self.verifier.verify_payment(receipt_hash, {
-            "merchantAddress": self.merchant_address,
-            "tokenAddress": self.token_address,
-            "amount": self.amount_int,
-            "orderId": order_id
-        })
+        if unified_payload:
+            try:
+                result = await self.verifier.verify(
+                    unified_payload,
+                    {
+                        "merchantAddress": self.merchant_address,
+                        "tokenAddress": self.token_address,
+                        "amount": str(self.amount_int),
+                        "orderId": order_id
+                    },
+                    # BUG-1 FIX: extra should come from our own config (v2Response schema), not the agent's payload
+                    {
+                        "name": self.currency,
+                        "version": "2" # USDC v2
+                    } if unified_payload.get("type") == "eip3009" else {}
+                )
+                if result.get("isValid"):
+                    request.state.paynode = {"unified_payload": unified_payload, "orderId": order_id}
+                    return await call_next(request)
+                else:
+                    err = result.get("error")
+                    return JSONResponse(
+                        status_code=403,
+                        content={
+                            "error": "Forbidden",
+                            "code": err.code if hasattr(err, 'code') else ErrorCode.invalid_receipt,
+                            "message": str(err)
+                        }
+                    )
+            except Exception as e:
+                logger.error(f"⚠️ [PayNode-Middleware] Failed to process x402 v2 payload: {e}")
 
-        if result.get("isValid"):
-            # Validation Passed!
-            return await call_next(request)
-        else:
-            # Validation Failed
-            err = result.get("error")
-            print(f"❌ [PayNode-PY] Verification Failed for Order: {order_id}. Reason: {str(err)}")
-            return JSONResponse(
-                status_code=403,
-                content={
-                    "error": "Forbidden",
-                    "code": err.code if hasattr(err, 'code') else ErrorCode.invalid_receipt,
-                    "message": str(err)
+        # No valid payment found, return 402 with X-402-Required
+        v2_response = {
+            "x402Version": 2,
+            "error": "Payment Required by PayNode",
+            "resource": {
+                "url": str(request.url),
+                "description": self.description,
+                "mimeType": request.headers.get("accept", "application/json")
+            },
+            "accepts": [
+                {
+                    "scheme": "exact",
+                    "type": "eip3009",
+                    "network": f"eip155:{self.chain_id}",
+                    "amount": str(self.amount_int),
+                    "asset": self.token_address,
+                    "payTo": self.merchant_address,
+                    "maxTimeoutSeconds": self.max_timeout_seconds,
+                    "extra": {
+                        "name": self.currency,
+                        "version": "2"
+                    }
+                },
+                {
+                    "scheme": "exact",
+                    "type": "onchain",
+                    "network": f"eip155:{self.chain_id}",
+                    "amount": str(self.amount_int),
+                    "asset": self.token_address,
+                    "payTo": self.merchant_address,
+                    "maxTimeoutSeconds": self.max_timeout_seconds,
+                    "router": self.contract_address
                 }
-            )
+            ]
+        }
+
+        b64_required = base64.b64encode(json.dumps(v2_response).encode()).decode()
+
+        headers = {
+            'X-402-Required': b64_required,
+            'X-402-Order-Id': order_id,
+        }
+        return JSONResponse(status_code=402, headers=headers, content=v2_response)
 
 def x402_gate(
     merchant_address: str, 

paynode_sdk/verifier.py

@@ -1,30 +1,46 @@
 import asyncio
+import time
+import logging
+from concurrent.futures import ThreadPoolExecutor, as_completed
 from .errors import ErrorCode, PayNodeException
-from .constants import PAYNODE_ROUTER_ABI, ACCEPTED_TOKENS, MIN_PAYMENT_AMOUNT
+from .constants import ACCEPTED_TOKENS, MIN_PAYMENT_AMOUNT, PAYNODE_ROUTER_ABI
 from .idempotency import MemoryIdempotencyStore
 from web3 import Web3
+from eth_account import Account
+
+logger = logging.getLogger("paynode_sdk.verifier")
 
 class PayNodeVerifier:
     def __init__(self, rpc_urls=None, contract_address=None, chain_id=None, w3=None, store=None, accepted_tokens=None):
         self.w3 = w3
         if not self.w3 and rpc_urls:
             urls = rpc_urls if isinstance(rpc_urls, list) else [rpc_urls]
-            for rpc in urls:
+            
+            def _check_rpc(url):
                 try:
-                    temp_w3 = Web3(Web3.HTTPProvider(rpc, request_kwargs={'timeout': 5}))
+                    temp_w3 = Web3(Web3.HTTPProvider(url, request_kwargs={'timeout': 3}))
                     if temp_w3.is_connected():
-                        self.w3 = temp_w3
-                        break
+                        return temp_w3
                 except Exception:
-                    continue
+                    pass
+                return None
+
+            with ThreadPoolExecutor(max_workers=min(len(urls), 5)) as executor:
+                future_to_url = {executor.submit(_check_rpc, url): url for url in urls}
+                for future in as_completed(future_to_url):
+                    w3_instance = future.result()
+                    if w3_instance:
+                        self.w3 = w3_instance
+                        logger.debug(f"⚡ [PayNode-PY] Verifier connected to RPC: {future_to_url[future]}")
+                        break
+            
             if not self.w3:
-                raise PayNodeException(ErrorCode.rpc_error)
+                raise PayNodeException(ErrorCode.rpc_error, message="All provided RPC nodes are unreachable.")
         self.contract_address = contract_address
         self.chain_id = int(chain_id) if chain_id else None
         self.store = store or MemoryIdempotencyStore()
 
         # Build accepted token set: user-provided or chain-default
-        # accepted_tokens=None → use chain default; accepted_tokens=[] → explicitly disable whitelist
         if accepted_tokens is not None:
             token_list = accepted_tokens
         elif self.chain_id:
@@ -33,102 +49,262 @@ class PayNodeVerifier:
             token_list = None
         self.accepted_tokens = set(t.lower() for t in token_list) if token_list else None
 
-    async def verify_payment(self, tx_hash, expected):
-        if not self.w3:
-            return {"isValid": False, "error": PayNodeException(ErrorCode.rpc_error, message="Verifier Provider Missing")}
-
-        # 0. Dust Exploit Check (Minimum Payment)
-        amount = int(expected.get("amount", 0))
-        if amount < MIN_PAYMENT_AMOUNT:
-             return {"isValid": False, "error": PayNodeException(
-                ErrorCode.amount_too_low,
-                message=f"Payment amount {amount} is below the minimum threshold of {MIN_PAYMENT_AMOUNT}."
-            )}
+    async def verify(self, unified_payload: dict, expected: dict, extra: dict = None) -> dict:
+        """
+        Unified verification entry point for X402 V3.1 (Hybrid V2).
+        Routes to verify_onchain_payment or verify_transfer_with_authorization (eip3009).
+        """
+        try:
+            # 1. Double-check Protocol Dust Limit (>= 1000)
+            expected_amount = int(expected.get("amount", 0))
+            if expected_amount < MIN_PAYMENT_AMOUNT:
+                 return {"isValid": False, "error": PayNodeException(ErrorCode.amount_too_low)}
 
-        # 1. Token Whitelist Check (Anti-FakeToken)
-        expected_token = expected.get("tokenAddress", "").lower()
-        if self.accepted_tokens and expected_token not in self.accepted_tokens:
-            return {"isValid": False, "error": PayNodeException(
-                ErrorCode.token_not_accepted,
-                message=f"Token {expected.get('tokenAddress')} is not in the accepted whitelist."
-            )}
+            # 2. Security: Token Whitelist Check
+            if self.accepted_tokens and expected.get("tokenAddress", "").lower() not in self.accepted_tokens:
+                return {"isValid": False, "error": PayNodeException(ErrorCode.token_not_accepted, message=f"Token {expected.get('tokenAddress')} not allowed")}
 
+            payload_type = unified_payload.get("type")
+            actual_payload = unified_payload.get("payload", {})
+            order_id = unified_payload.get("orderId")
+            
+            if payload_type == "onchain":
+                tx_hash = actual_payload.get("txHash")
+                if not tx_hash:
+                    return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Missing txHash in onchain payload")}
+                
+                onchain_expected = {
+                    "merchantAddress": expected.get("merchantAddress"),
+                    "tokenAddress": expected.get("tokenAddress"),
+                    "amount": expected.get("amount"),
+                    "orderId": order_id
+                }
+                return await self.verify_onchain_payment(tx_hash, onchain_expected)
+            
+            elif payload_type == "eip3009":
+                token_addr = expected.get("tokenAddress")
+                if not token_addr:
+                    return {"isValid": False, "error": PayNodeException(ErrorCode.token_not_accepted, message="tokenAddress is required for eip3009 verification")}
+                
+                return await self.verify_transfer_with_authorization(
+                    token_addr, 
+                    actual_payload, 
+                    {"to": expected.get("merchantAddress"), "value": expected.get("amount")},
+                    extra
+                )
+            else:
+                return {"isValid": False, "error": PayNodeException(ErrorCode.internal_error, message=f"Unsupported payload type: {payload_type}")}
+        except Exception as e:
+            if isinstance(e, PayNodeException):
+                return {"isValid": False, "error": e}
+            return {"isValid": False, "error": PayNodeException(ErrorCode.internal_error, message=str(e))}
 
+    async def verify_onchain_payment(self, tx_hash, expected):
+        if not self.w3:
+            return {"isValid": False, "error": PayNodeException(ErrorCode.rpc_error)}
 
-        # Wrap synchronous web3 calls in asyncio.to_thread to avoid blocking the event loop
         try:
             receipt = await asyncio.to_thread(self.w3.eth.get_transaction_receipt, tx_hash)
         except Exception:
             return {"isValid": False, "error": PayNodeException(ErrorCode.transaction_not_found)}
 
-        if not receipt:
+        if receipt is None:
             return {"isValid": False, "error": PayNodeException(ErrorCode.transaction_not_found)}
-        
+            
         if receipt.get("status") == 0:
             return {"isValid": False, "error": PayNodeException(ErrorCode.transaction_failed)}
 
         contract = self.w3.eth.contract(address=Web3.to_checksum_address(self.contract_address), abi=PAYNODE_ROUTER_ABI)
         
+        # 1. Check if the router was even involved (against 'WrongContract' vs 'InvalidReceipt')
+        # Filter logs for current contract
+        relevant_logs = [log for log in receipt.get("logs", []) if log.get("address", "").lower() == self.contract_address.lower()]
+        if not relevant_logs:
+             return {"isValid": False, "error": PayNodeException(ErrorCode.wrong_contract, message="Transaction did not interact with the expected PayNodeRouter contract")}
+
         try:
-            logs = await asyncio.to_thread(contract.events.PaymentReceived().process_receipt, receipt)
+            processed_logs = await asyncio.to_thread(contract.events.PaymentReceived().process_receipt, {"logs": relevant_logs})
         except Exception:
-            return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt)}
+             return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt)}
 
-        if not logs:
-            return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="No valid PaymentReceived event found")}
+        if not processed_logs:
+             return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="No PaymentReceived event found in router logs")}
 
-        # Find and validate the specific log
         merchant = expected.get("merchantAddress", "").lower()
         token = expected.get("tokenAddress", "").lower()
         amount = int(expected.get("amount", 0))
         order_id_bytes = self.w3.keccak(text=expected.get("orderId", ""))
 
-        last_error = None
         valid_log_found = False
-
-        for log in logs:
-            if log.address.lower() != self.contract_address.lower():
-                last_error = last_error or PayNodeException(ErrorCode.wrong_contract)
-                continue
-                
+        order_id_mismatch_found = False
+        for log in processed_logs:
             args = log.args
-            
-            # 4. Verify OrderId
-            if args.get("orderId") != order_id_bytes:
-                last_error = PayNodeException(ErrorCode.order_mismatch)
-                continue
-                
-            # 5. Verify Merchant
-            if args.get("merchant", "").lower() != merchant:
-                last_error = PayNodeException(ErrorCode.invalid_receipt, message="Payment went to a different merchant.")
-                continue
-                
-            # 6. Verify Token
-            if args.get("token", "").lower() != token:
-                last_error = PayNodeException(ErrorCode.invalid_receipt, message="Payment used unexpected token.")
-                continue
-                
-            # 7. Verify Amount
-            if args.get("amount", 0) < amount:
-                last_error = PayNodeException(ErrorCode.invalid_receipt, message="Payment amount is below required price.")
-                continue
-
-            # 8. Verify ChainId
-            if self.chain_id and args.get("chainId") != self.chain_id:
-                last_error = PayNodeException(ErrorCode.invalid_receipt, message="ChainId mismatch. Invalid network.")
-                continue
-
-            valid_log_found = True
-            break
+            is_merchant_match = args.get("merchant", "").lower() == merchant
+            is_token_match = args.get("token", "").lower() == token
+            is_amount_match = args.get("amount", 0) >= amount
+            is_order_match = args.get("orderId") == order_id_bytes
 
+            if is_merchant_match and is_token_match and is_amount_match:
+                if is_order_match:
+                    valid_log_found = True
+                    break
+                else:
+                    order_id_mismatch_found = True
+        
         if not valid_log_found:
-            return {"isValid": False, "error": last_error or PayNodeException(ErrorCode.invalid_receipt, message="No matching payment event found.")}
+             if order_id_mismatch_found:
+                 return {"isValid": False, "error": PayNodeException(ErrorCode.order_mismatch, message="Payment log found but orderId does not match")}
+             return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Payment event data mismatch")}
 
-        try:
-            is_new = await self.store.check_and_set(tx_hash, 86400) # 24 hour TTL
+        if self.store:
+            is_new = await self.store.check_and_set(tx_hash, 86400)
             if not is_new:
                 return {"isValid": False, "error": PayNodeException(ErrorCode.duplicate_transaction)}
-        except Exception as e:
-            return {"isValid": False, "error": PayNodeException(ErrorCode.internal_error, details=str(e))}
 
         return {"isValid": True}
+
+    async def verify_transfer_with_authorization(
+        self,
+        token_addr: str,
+        payload: dict,
+        expected: dict,
+        extra: dict = None
+    ) -> dict:
+        """
+        Verifies an EIP-3009 TransferWithAuthorization signature.
+        Includes RPC state checks for balance and nonce status.
+        """
+        if not self.w3:
+            return {"isValid": False, "error": PayNodeException(ErrorCode.rpc_error, message="Verifier web3 instance missing")}
+
+        extra = extra or {}
+        try:
+            signature = payload["signature"]
+            auth = payload["authorization"]
+            
+            # 1. Basic validation
+            if auth["to"].lower() != expected["to"].lower():
+                return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Recipient mismatch")}
+            
+            payload_value = int(auth["value"])
+            expected_value = int(expected["value"])
+            if payload_value < expected_value:
+                return {"isValid": False, "error": PayNodeException(ErrorCode.amount_too_low)}
+
+            # 2. Time window check
+            now = int(time.time())
+            if now < int(auth["validAfter"]):
+                return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Authorization not yet valid")}
+            if now > int(auth["validBefore"]):
+                return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Authorization expired")}
+
+            # 3. Signature verification
+            chain_id = self.chain_id or await asyncio.to_thread(lambda: self.w3.eth.chain_id)
+            domain = {
+                "name": extra.get("name", "USD Coin"),
+                "version": extra.get("version", "2"),
+                "chainId": chain_id,
+                "verifyingContract": Web3.to_checksum_address(token_addr)
+            }
+
+            types = {
+                "EIP712Domain": [
+                    {"name": "name", "type": "string"},
+                    {"name": "version", "type": "string"},
+                    {"name": "chainId", "type": "uint256"},
+                    {"name": "verifyingContract", "type": "address"},
+                ],
+                "TransferWithAuthorization": [
+                    {"name": "from", "type": "address"},
+                    {"name": "to", "type": "address"},
+                    {"name": "value", "type": "uint256"},
+                    {"name": "validAfter", "type": "uint256"},
+                    {"name": "validBefore", "type": "uint256"},
+                    {"name": "nonce", "type": "bytes32"},
+                ]
+            }
+
+            auth_msg = {
+                "from": Web3.to_checksum_address(auth["from"]),
+                "to": Web3.to_checksum_address(auth["to"]),
+                "value": payload_value,
+                "validAfter": int(auth["validAfter"]),
+                "validBefore": int(auth["validBefore"]),
+                "nonce": Web3.to_bytes(hexstr=auth["nonce"])
+            }
+
+            structured_data = {
+                "types": types,
+                "domain": domain,
+                "primaryType": "TransferWithAuthorization",
+                "message": auth_msg
+            }
+
+            from eth_account.messages import encode_typed_data
+            signable_msg = encode_typed_data(full_message=structured_data)
+            recovered_address = Account.recover_message(signable_msg, signature=signature)
+
+            if recovered_address.lower() != auth["from"].lower():
+                return {"isValid": False, "error": PayNodeException(ErrorCode.invalid_receipt, message="Invalid signature")}
+
+            # 4. Idempotency (Nonce local check)
+            nonce = auth["nonce"]
+            if self.store:
+                is_new = await self.store.check_and_set(nonce, 86400)
+                if not is_new:
+                    return {"isValid": False, "error": PayNodeException(ErrorCode.duplicate_transaction, message="Nonce already used in local memory")}
+
+            # 5. RPC State Checks (Balance & Nonce)
+            token_abi = [
+                {
+                    "constant": True,
+                    "inputs": [{"name": "account", "type": "address"}],
+                    "name": "balanceOf",
+                    "outputs": [{"name": "", "type": "uint256"}],
+                    "payable": False,
+                    "stateMutability": "view",
+                    "type": "function",
+                },
+                {
+                    "constant": True,
+                    "inputs": [
+                        {"name": "authorizer", "type": "address"},
+                        {"name": "nonce", "type": "bytes32"}
+                    ],
+                    "name": "authorizationState",
+                    "outputs": [{"name": "", "type": "bool"}],
+                    "payable": False,
+                    "stateMutability": "view",
+                    "type": "function",
+                }
+            ]
+            
+            token_contract = self.w3.eth.contract(address=Web3.to_checksum_address(token_addr), abi=token_abi)
+            authorizer_address = Web3.to_checksum_address(auth["from"])
+            nonce_bytes = Web3.to_bytes(hexstr=nonce)
+
+            # Concurrent RPC calls
+            try:
+                balance, is_nonce_used_on_chain = await asyncio.gather(
+                    asyncio.to_thread(token_contract.functions.balanceOf(authorizer_address).call),
+                    asyncio.to_thread(token_contract.functions.authorizationState(authorizer_address, nonce_bytes).call)
+                )
+            except Exception as e:
+                logger.warning(f"RPC state check failed for token {token_addr}: {e}")
+                if self.store: await self.store.delete(nonce)
+                return {
+                    "isValid": False, 
+                    "error": PayNodeException(ErrorCode.rpc_error, message=f"Cannot verify on-chain state: {e}")
+                }
+
+            if balance < payload_value:
+                if self.store: await self.store.delete(nonce)
+                return {"isValid": False, "error": PayNodeException(ErrorCode.insufficient_funds, message="Insufficient token balance")}
+
+            if is_nonce_used_on_chain:
+                if self.store: await self.store.delete(nonce)
+                return {"isValid": False, "error": PayNodeException(ErrorCode.duplicate_transaction, message="Nonce already consumed on-chain")}
+
+            return {"isValid": True}
+        except Exception as e:
+            return {"isValid": False, "error": PayNodeException(ErrorCode.internal_error, message=str(e))}

paynode_sdk/webhook.py

@@ -3,7 +3,7 @@ PayNode Webhook Notifier — monitors on-chain PaymentReceived events
 and delivers structured webhook POSTs to a merchant's endpoint.
 
 Features:
-- HMAC-SHA256 signature for authenticity (header: x-paynode-signature)
+- HMAC-SHA256 signature for authenticity (header: X-402-Signature)
 - Configurable polling interval
 - Automatic retry with exponential backoff (3 attempts)
 - Async-first design
@@ -73,7 +73,7 @@ class PayNodeWebhookNotifier:
     Usage:
         notifier = PayNodeWebhookNotifier(
             rpc_url="https://mainnet.base.org",
-            contract_address="0x92e20164FC457a2aC35f53D06268168e6352b200",
+            contract_address="0x4A73696ccF76E7381b044cB95127B3784369Ed63",
             webhook_url="https://myshop.com/api/paynode-webhook",
             webhook_secret="whsec_mysecretkey123",
         )
@@ -100,7 +100,7 @@ class PayNodeWebhookNotifier:
             raise ValueError("webhook_secret is required")
 
         self.contract_address = contract_address or PAYNODE_ROUTER_ADDRESS
-        self.w3 = Web3(Web3.HTTPProvider(rpc_url, request_kwargs={"timeout": 10}))
+        self.w3 = Web3(Web3.HTTPProvider(rpc_url, request_kwargs={"timeout": 3}))
         self.contract = self.w3.eth.contract(
             address=Web3.to_checksum_address(self.contract_address),
             abi=PAYNODE_ROUTER_ABI
@@ -120,7 +120,7 @@ class PayNodeWebhookNotifier:
     async def start(self, from_block: Optional[int] = None) -> None:
         """Start polling for PaymentReceived events."""
         if self._running:
-            logger.warning("[PayNode Webhook] Already running.")
+            logger.warning("🔔 [PayNode Webhook] Already running.")
             return
 
         self._last_block = from_block if from_block is not None else self.w3.eth.block_number
@@ -158,7 +158,7 @@ class PayNodeWebhookNotifier:
 
                     self._last_block = current_block
             except Exception as e:
-                logger.error(f"[PayNode Webhook] Poll error: {e}")
+                logger.error(f"❌ [PayNode Webhook] Poll error: {e}")
 
             await asyncio.sleep(self.poll_interval)
 
@@ -179,7 +179,7 @@ class PayNodeWebhookNotifier:
                 timestamp=time.time(),
             )
         except Exception as e:
-            logger.error(f"[PayNode Webhook] Failed to parse event: {e}")
+            logger.error(f"❌ [PayNode Webhook] Failed to parse event: {e}")
             return None
 
     async def _deliver(self, event: PaymentEvent, attempt: int = 1) -> None:
@@ -201,9 +201,9 @@ class PayNodeWebhookNotifier:
 
         headers = {
             "Content-Type": "application/json",
-            "x-paynode-signature": f"sha256={signature}",
-            "x-paynode-event": "payment.received",
-            "x-paynode-delivery-id": f"{event.tx_hash}-{attempt}",
+            "X-402-Signature": f"sha256={signature}",
+            "X-402-Event": "payment.received",
+            "X-402-Delivery-Id": f"{event.tx_hash}-{attempt}",
             **self.custom_headers,
         }
 
@@ -221,13 +221,13 @@ class PayNodeWebhookNotifier:
                         self.on_success(event)
 
         except Exception as e:
-            logger.error(f"[PayNode Webhook] Delivery failed (attempt {attempt}/{MAX_RETRIES}): {e}")
+            logger.error(f"⚠️ [PayNode Webhook] Delivery failed (attempt {attempt}/{MAX_RETRIES}): {e}")
 
             if attempt < MAX_RETRIES:
                 backoff = (2 ** attempt)  # 2s, 4s, 8s
                 await asyncio.sleep(backoff)
                 return await self._deliver(event, attempt + 1)
 
-            logger.error(f"[PayNode Webhook] Gave up on tx {event.tx_hash} after {MAX_RETRIES} attempts.")
+            logger.error(f"❌ [PayNode Webhook] Gave up on tx {event.tx_hash} after {MAX_RETRIES} attempts.")
             if self.on_error:
                 self.on_error(e, event)