What
In app/src/app/api/consume/route.ts, read agentRegistry.ownerOf(agentTokenId) BEFORE calling the Phala TEE enclave. Reject grants where the recovered EIP-712 signer does not match.
Why
Codex review (2026-05-11) flagged this as MEDIUM: invalid grants currently force an enclave call before the on-chain contract reverts. Avoidable enclave/relayer load if we validate cheaper.
Acceptance
- Pre-check uses publicClient.readContract({ functionName: "ownerOf", args: [tokenId] }).
- Mismatch returns 400 signer_not_owner with clear message.
- Enclave call only fires for grants that would pass the on-chain owner check.
- E2E test verifies the new failure path returns 400, not 500.
Refs
app/src/app/api/consume/route.ts:172-206
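
One way the pre-check described in this issue could be structured, as an added example that is not the project's code. `readOwner` and `callEnclave` are hypothetical injected wrappers (the first standing in for the `publicClient.readContract` `ownerOf` read and assumed to resolve `null` for a token with no owner), signer recovery is assumed to have happened already, and the addresses are constructed sample values.

```typescript
// Added example, not the project's route code. Names below are hypothetical.
type Address = string;

interface Deps {
  // Wraps the ownerOf read; assumed to resolve null when the token has no owner.
  readOwner: (tokenId: bigint) => Promise<Address | null>;
  callEnclave: (tokenId: bigint) => Promise<unknown>;
}

interface RouteResult {
  status: number;
  body: { error?: string; message?: string; result?: unknown };
}

// Constructed sample addresses, for illustration only.
const SAMPLE_OWNER: Address = "0x" + "0".repeat(38) + "aA";
const SAMPLE_OTHER: Address = "0x" + "0".repeat(38) + "bB";

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Addresses may be EIP-55 checksummed or lower-case, so compare case-insensitively
// and treat anything malformed as a non-match.
function sameAddress(a: Address, b: Address): boolean {
  return ADDRESS_RE.test(a) && ADDRESS_RE.test(b) && a.toLowerCase() === b.toLowerCase();
}

function reject(message: string): RouteResult {
  return { status: 400, body: { error: "signer_not_owner", message } };
}

async function consumeWithOwnerPrecheck(
  recoveredSigner: Address, // already recovered from the EIP-712 grant signature
  agentTokenId: bigint,
  deps: Deps,
): Promise<RouteResult> {
  const owner = await deps.readOwner(agentTokenId);
  if (owner === null) {
    return reject(`agent token ${agentTokenId} has no on-chain owner`);
  }
  if (!sameAddress(recoveredSigner, owner)) {
    return reject("grant signer is not the on-chain owner of the agent token");
  }
  // Only grants that pass the owner check reach the enclave.
  return { status: 200, body: { result: await deps.callEnclave(agentTokenId) } };
}
```

Errors thrown by `readOwner` (for example an RPC failure) are left to propagate, so the enclave is never called when ownership could not be confirmed.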