| Version | Supported |
|---|---|
latest (main) |
✅ |
Please do not open a public issue for security vulnerabilities — this service handles x402 payment authorizations (EIP-3009 signatures) and OKX Developer Portal credentials, so please report privately:
- Email edy.cu@live.com, or
- Use GitHub's private vulnerability reporting (Security → Report a vulnerability).
You'll get an acknowledgment within 48 hours and a resolution timeline after triage. Please give us a reasonable window to patch before public disclosure.
OKX_API_KEY/OKX_SECRET_KEY/OKX_PASSPHRASEare Developer Portal facilitator credentials — never commit real values;.env.exampleonly ships placeholders.PAYTO_ADDRESSis a public receive address, safe to share.api/rails/localFacilitator.tsperforms real EIP-3009 signature recovery (viaviem) but never fabricates on-chain settlement — if you find a way to make it report a fakesuccess: true, that is a vulnerability, please report it privately.