ObolNetwork · bussyjd · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026
diff --git a/.agents/skills/obol-stack-dev/SKILL.md b/.agents/skills/obol-stack-dev/SKILL.md
@@ -261,3 +261,4 @@ go test -tags integration -v -run TestIntegration_Tunnel_SellDiscoverBuySidecar_
 - **ConfigMap propagation**: File watcher takes 60-120s. Force restart verifier for immediate effect.
 - **Projected ConfigMap refresh**: the LiteLLM pod can take ~60s to reflect updated buyer ConfigMaps in the sidecar.
 - **eRPC balance lag**: `buy.py balance` uses `eth_call` through eRPC, and the default unfinalized cache TTL is 10s. After a paid request, poll until the reported balance catches up with the on-chain delta.
+- **kubectl exec shell quoting**: NEVER use `sh -c` with `fmt.Sprintf` to embed JSON or secrets in shell commands passed via `kubectl exec`. JSON body or auth tokens containing single quotes will break the shell. Instead, pass args directly: `kubectl exec ... -- wget -qO- --post-data=<json> --header=Authorization:\ Bearer\ <key> <url>`. Each argument goes as a separate argv element, bypassing shell interpretation entirely.
diff --git a/cmd/obol/sell.go b/cmd/obol/sell.go
@@ -105,7 +105,7 @@ Examples:
 			&cli.StringFlag{
 				Name:  "facilitator",
 				Usage: "x402 facilitator URL",
-				Value: "https://facilitator.x402.rs",
+				Value: x402verifier.DefaultFacilitatorURL,
 			},
 			&cli.StringFlag{
 				Name:    "listen",
@@ -1375,15 +1375,19 @@ Examples:
 			}
 			agentURI := endpoint + "/.well-known/agent-registration.json"
 
-			// Determine signing method: remote-signer (preferred) or private key file (fallback).
+			// Determine signing method: private key file (if explicitly provided)
+			// or remote-signer (default when OpenClaw agent is deployed).
 			useRemoteSigner := false
 			var signerNS string
 
-			if _, err := openclaw.ResolveWalletAddress(cfg); err == nil {
-				ns, nsErr := openclaw.ResolveInstanceNamespace(cfg)
-				if nsErr == nil {
-					useRemoteSigner = true
-					signerNS = ns
+			// If --private-key-file is explicitly provided, honour user intent.
+			if !cmd.IsSet("private-key-file") {
+				if _, err := openclaw.ResolveWalletAddress(cfg); err == nil {
+					ns, nsErr := openclaw.ResolveInstanceNamespace(cfg)
+					if nsErr == nil {
+						useRemoteSigner = true
+						signerNS = ns
+					}
 				}
 			}
 
@@ -1494,7 +1498,7 @@ func registerDirectViaSigner(ctx context.Context, cfg *config.Config, u *ui.UI,
 	u.Printf("    Wallet:   %s", addr.Hex())
 
 	// Connect to eRPC for this network.
-	client, err := erc8004.NewClientForNetwork(ctx, "http://localhost/rpc", net)
+	client, err := erc8004.NewClientForNetwork(ctx, "http://obol.stack/rpc", net)
 	if err != nil {
 		return fmt.Errorf("connect to %s via eRPC: %w", net.Name, err)
 	}
@@ -1529,7 +1533,7 @@ func registerDirectWithKey(ctx context.Context, u *ui.UI, net erc8004.NetworkCon
 		return fmt.Errorf("invalid private key: %w", err)
 	}
 
-	client, err := erc8004.NewClientForNetwork(ctx, "http://localhost/rpc", net)
+	client, err := erc8004.NewClientForNetwork(ctx, "http://obol.stack/rpc", net)
 	if err != nil {
 		return fmt.Errorf("connect to %s via eRPC: %w", net.Name, err)
 	}

diff --git a/cmd/obol/sell_test.go b/cmd/obol/sell_test.go
@@ -186,7 +186,7 @@ func TestSellInference_Flags(t *testing.T) {
 	assertStringDefault(t, flags, "chain", "base-sepolia")
 	assertStringDefault(t, flags, "listen", ":8402")
 	assertStringDefault(t, flags, "upstream", "http://localhost:11434")
-	assertStringDefault(t, flags, "facilitator", "https://facilitator.x402.rs")
+	assertStringDefault(t, flags, "facilitator", "https://x402.gcp.obol.tech")
 	assertStringDefault(t, flags, "vm-image", "ollama/ollama:latest")
 	assertIntDefault(t, flags, "vm-cpus", 4)
 	assertIntDefault(t, flags, "vm-memory", 8192)

diff --git a/cmd/x402-buyer/main.go b/cmd/x402-buyer/main.go
@@ -28,8 +28,10 @@ import (
 
 func main() {
 	var (
-		configPath     = flag.String("config", "/config/config.json", "path to upstream config JSON")
-		authsPath      = flag.String("auths", "/config/auths.json", "path to pre-signed auths JSON")
+		configDir      = flag.String("config-dir", "", "directory of per-upstream config files (SSA mode)")
+		authsDir       = flag.String("auths-dir", "", "directory of per-upstream auth files (SSA mode)")
+		configPath     = flag.String("config", "/config/config.json", "single config JSON file (legacy)")
+		authsPath      = flag.String("auths", "/config/auths.json", "single auths JSON file (legacy)")
 		statePath      = flag.String("state", "/state/consumed.json", "path to persisted consumed-auth state")
 		listen         = flag.String("listen", ":8402", "listen address")
 		reloadInterval = flag.Duration("reload-interval", 5*time.Second, "config/auth reload interval")
@@ -42,14 +44,9 @@ func main() {
 		log.Fatalf("load state: %v", err)
 	}
 
-	cfg, err := buyer.LoadConfig(*configPath)
+	cfg, auths, err := loadConfigAndAuths(*configDir, *authsDir, *configPath, *authsPath)
 	if err != nil {
-		log.Fatalf("load config: %v", err)
-	}
-
-	auths, err := buyer.LoadAuths(*authsPath)
-	if err != nil {
-		log.Fatalf("load auths: %v", err)
+		log.Fatalf("load config/auths: %v", err)
 	}
 
 	proxy, err := buyer.NewProxy(cfg, auths, state)
@@ -89,26 +86,25 @@ func main() {
 		defer ticker.Stop()
 
 		go func() {
+			reload := func(reason string) {
+				newCfg, newAuths, err := loadConfigAndAuths(*configDir, *authsDir, *configPath, *authsPath)
+				if err != nil {
+					log.Printf("reload (%s): %v", reason, err)
+					return
+				}
+				if err := proxy.Reload(newCfg, newAuths); err != nil {
+					log.Printf("reload proxy (%s): %v", reason, err)
+				}
+			}
+
 			for {
 				select {
 				case <-ctx.Done():
 					return
 				case <-ticker.C:
-					cfg, err := buyer.LoadConfig(*configPath)
-					if err != nil {
-						log.Printf("reload config: %v", err)
-						continue
-					}
-
-					auths, err := buyer.LoadAuths(*authsPath)
-					if err != nil {
-						log.Printf("reload auths: %v", err)
-						continue
-					}
-
-					if err := proxy.Reload(cfg, auths); err != nil {
-						log.Printf("reload proxy: %v", err)
-					}
+					reload("ticker")
+				case <-proxy.ReloadCh():
+					reload("admin")
 				}
 			}
 		}()
@@ -124,3 +120,33 @@ func main() {
 		fmt.Fprintf(os.Stderr, "shutdown: %v\n", err)
 	}
 }
+
+// loadConfigAndAuths loads config and auths from either directory mode (SSA,
+// one file per upstream) or single-file mode (legacy, all upstreams in one JSON).
+func loadConfigAndAuths(configDir, authsDir, configPath, authsPath string) (*buyer.Config, buyer.AuthsFile, error) {
+	var (
+		cfg   *buyer.Config
+		auths buyer.AuthsFile
+		err   error
+	)
+
+	if configDir != "" {
+		cfg, err = buyer.LoadConfigDir(configDir)
+	} else {
+		cfg, err = buyer.LoadConfig(configPath)
+	}
+	if err != nil {
+		return nil, nil, fmt.Errorf("config: %w", err)
+	}
+
+	if authsDir != "" {
+		auths, err = buyer.LoadAuthsDir(authsDir)
+	} else {
+		auths, err = buyer.LoadAuths(authsPath)
+	}
+	if err != nil {
+		return nil, nil, fmt.Errorf("auths: %w", err)
+	}
+
+	return cfg, auths, nil
+}