Codex x402 verification is on-chain authoritative

Decision

The Coinbase facilitator is queried as a fast-path hint, but its valid:true response never bypasses local on-chain verification: a USDC Transfer log present in receipt.logs, log.address == CODEX_USDC_ADDRESS, topics[2] == payTo, data >= expectedMin, and at least 12 block confirmations. A UNIQUE constraint on payments.tx_hash prevents cross-isolate replay.

Trade-off

About 2 seconds of added latency per payment request for the RPC call, versus arbitrary trust in a third-party HTTP endpoint. Worth it for a payment surface.