Skip to content

refactor: improve X402Auth streaming stability and schema filtering#147

Open
lofingv wants to merge 6 commits intoOpenGradient:mainfrom
lofingv:audit/x402-auth-security
Open

refactor: improve X402Auth streaming stability and schema filtering#147
lofingv wants to merge 6 commits intoOpenGradient:mainfrom
lofingv:audit/x402-auth-security

Conversation

@lofingv
Copy link

@lofingv lofingv commented Feb 5, 2026

Description

This PR refactors the X402Auth handler to ensure better reliability during streaming requests and aligns the implementation with the documented arguments.

Key Changes:

  • Streaming Stability: Added request.read() before the initial request. This ensures that the request body can be re-read if a 402 challenge occurs, preventing StreamConsumed errors during LLM streaming or large POST requests.
  • Schema Filtering: Added the missing scheme_filter argument to __init__ to match the existing docstring documentation and improve payment selection flexibility.
  • Robustness: Added a safety check for selected_requirements. If no compatible payment method is found, it now logs an error and returns gracefully instead of potentially failing downstream.
  • Improved Error Logging: Updated exception handling to provide clearer string representation of errors.

Testing:

  • Verified that the httpx.Auth flow correctly handles 402 responses without losing the original request context.

@adambalogh adambalogh requested a review from Copilot February 5, 2026 14:44
Copilot AI reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the X402Auth authentication handler by addressing streaming reliability issues and aligning the implementation with its documented interface. The changes ensure that request bodies can be re-read during 402 payment challenges, preventing StreamConsumed errors in streaming scenarios.

Changes:

  • Added request.read() to buffer request bodies before initial submission, enabling re-reading after 402 responses
  • Added missing scheme_filter parameter to match documented API
  • Simplified type hints for the payment requirements selector callback
  • Added validation to handle cases where no compatible payment method is found

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@lofingv
refactor: improve type safety and use scheme_filter in auth flow
0a5ad6a 
Add PaymentSelector type alias and pass scheme_filter to requirements selector as suggested by Copilot
@lofingv
Copy link
Author

lofingv commented Feb 6, 2026

Updated types with a Type Alias and fixed scheme_filter usage as suggested by Copilot. Ready for review

@adambalogh
Copy link
Contributor

adambalogh commented Feb 6, 2026

Thanks!

@lofingv
Copy link
Author

lofingv commented Feb 7, 2026

Updated the PR to match the new project structure. The x402_auth.py has been moved to the client/ folder, and I've also implemented the scheme_filter and improved type safety with PaymentSelector as we discussed.

@lofingv
Copy link
Author

lofingv commented Feb 7, 2026

Thanks!

No problem at all! I'm really enjoying the project, so happy to jump in and help whenever I can.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lofingv @adambalogh