Internal Go sidecar for Hyrule Cloud's x402-gated POST /v1/network/request endpoint.
Hyrule Cloud verifies and settles x402 payments. This service accepts only authenticated internal requests from Hyrule Cloud, applies egress policy, and dispatches requests over one of four explicit modes:
directtori2pyggdrasil
It is not a public proxy and must not be exposed to the Internet.
All /v1/* endpoints require:
Authorization: Bearer <HNP_AUTH_TOKEN>{"status":"ok","service":"hyrule-network-proxy","version":"dev"}Reports whether each mode appears usable.
Request:
{
"request_id": "optional-id",
"url": "https://example.com",
"method": "GET",
"headers": {"accept": "text/html"},
"body": null,
"proxy_mode": "direct",
"timeout_seconds": 15
}Response:
{
"status_code": 200,
"headers": {"content-type": "text/html"},
"body": "...",
"elapsed_seconds": 0.12,
"proxy_mode": "direct",
"error": null
}Handled upstream and policy failures return HTTP 200 with a NetworkResponse body containing status_code and error. Authentication/server failures use normal HTTP error statuses.
See packaging/env.example.
go test ./...
go vet ./...
go build ./cmd/hyrule-network-proxyRun locally:
HNP_AUTH_TOKEN=dev-secret \
HNP_API_LISTEN_ADDR=127.0.0.1:8450 \
HNP_METRICS_LISTEN_ADDR=127.0.0.1:8451 \
go run ./cmd/hyrule-network-proxyHyrule Cloud API
-> http://[netproxy]:8450/v1/request
Authorization: Bearer <vault token>
Prometheus
-> http://[netproxy]:8451/metrics
The sidecar should run on netproxy.servify.network, with firewall rules allowing:
8450/tcponly from theapiVM;8451/tcponly from themonVM.