fix(#5551): quick fix

[weilixiong]

Fixes #5551

[HCIE2054]

LGTM!

[508704820]

Security Review ✅

Quick fix follow-up to #5551 (OTC order validation). Minor correction.

Reviewed by Xeophon - Solana: Lt9nERv6VHsojw15LpFeiaabuphAggzfLF9sM9UXRrZ

[jaxint]

LGTM! Thanks for the contribution.

[TJCurnutte]

Thanks for the quick follow-up. I checked this against head 2a5af2101828ccc0fa105110f267ecea94e736d8.

Validation run:

• git diff --check origin/main...HEAD -- node/beacon_x402.py node/server_proxy.py otc-bridge/otc_bridge.py
• python3 -B -m py_compile node/beacon_x402.py node/server_proxy.py otc-bridge/otc_bridge.py
• Flask test-client probe for POST /api/orders with a temp OTC_DB_PATH after init_db():
  • JSON array body now returns 400 {'error': 'expected JSON object'}.
  • ttl_seconds='abc' still returns a server 500 from ValueError: invalid literal for int() with base 10: 'abc' at ttl = int(data.get("ttl_seconds", ORDER_TTL_DEFAULT)).
  • ttl_seconds=1.5 is accepted with 201 and writes an order.
  • ttl_seconds=True is accepted with 201 and writes an order.

So the non-object body guard is good, but this does not fully close the ttl_seconds validation issue from #5551. The conversion still happens before typed validation, and int(...) both throws on bad strings and silently coerces bools/floats into a valid TTL. For this endpoint I would expect ttl_seconds to be absent or an actual integer value, with strings/floats/bools rejected as 400 before any order is created.

Also worth splitting if this PR is meant only to fix #5551: the same head includes Beacon x402 and server-proxy changes too, which makes the review/merge boundary less clear.

[kekehanshujun]

I reviewed this as part of the #73 code review bounty.

Findings:

1. Scope mismatch: the PR says Fixes #5551 (OTC order validation), but 2 of the 3 changed files are unrelated Beacon x402 / server proxy changes. Those hunks appear to duplicate the #5549/#5554 work and will add merge noise for an OTC-only fix. Please narrow this PR to otc-bridge/otc_bridge.py, or retitle and re-scope it so reviewers know it is intentionally touching three different issues.
2. The OTC change adds a non-object body guard, but there is no regression test for the reported failure mode ([], scalar JSON, invalid/huge ttl_seconds). Without that test coverage, the PR can still miss the #5551 acceptance path even if the one-line guard is correct.
3. CI is currently red on the global pytest collection because required test dependencies are missing (aiohttp, flask_cors, matplotlib). That looks repository-wide rather than caused by this patch, but the PR should either document the unrelated failure or re-run once the dependency fix lands.

I received RTC compensation for this review.

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[jaxint]

LGTM! Great work on this PR. 🚀

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[weilixiong]

Hi @TJCurnutte, could you take a look at this PR when you have a moment? Thanks!

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[HCIE2054]

LGTM!

[Scottcjn]

Identical duplicate of PR #5554 and #5555 — same scope-exploded patch on top of #5549. Per Codex forensic audit (2026-05-18); please consolidate work into #5549 rather than re-rolling the same diff.