about x402station

x402 is the HTTP 402 payment protocol Coinbase and Cloudflare use for agent-to-service payments. agentic.market lists ~49,000 payable endpoints. The catalog is a minefield for naive agents:

• ·74 endpoints currently listed at ≥$1,000 USDC per call — anti-scraper soft-locks. An auto-paying agent drains its wallet on the first call.
• ·~14 services 100% erroring in the last hour but still listed is_active: true.
• ·87%of the catalog (~43k of 49k endpoints) sits inside two providers' billing namespaces — single-source failure risk.
• ·Median real price is $0.02 USDC. The honeypot zone hides inside that price floor — five orders of magnitude apart, identical schema. A naive routing decision is a wallet drain.

Facilitator-based monitors (x402gle, 402index, x402list.fun) only see successful payments. They cannot see endpoints nobody ever called — decoys, zombies, dead routes. Independent probing is the only way to surface those.

A safety layer that sits between the agent and the payment graph. Three paid surfaces backed by one continuous probe pipeline:

• ·Guard — synchronous pre-flight check. Agent calls POST /api/v1/preflight for $0.001 USDC before paying any unfamiliar URL. Returns {ok, warnings, metadata}. Fail-closed by default.
• ·Forensics — 7-day diagnostic for any URL. Agent posts the URL once, gets back uptime %, p50/p99 latency, signal flags, peer comparison. $0.001 USDC. Used at integration time, not per-call.
• ·Watch — async webhook alerts. Subscribe a URL once for $0.01 USDC; get pushed an alert when it flips state (dead, zombie, decoy, price drift, concentration change, recovered). 30-day window, 100 prepaid alerts.
• ·Verified — supply-side. Service operators mint a $1 USDC certificate proving their endpoints aren't on the blacklist. Re-mint anytime to refresh the 30-day window.

All four surfaces share the same open signal vocabulary — protocol-agnostic terms (decoy_price_extreme, zombie, dead, price_drift, high_concentration, recovered). Same words, four different agent surfaces.

One probe worker continuously sweeps the catalog (every endpoint, every ~10 minutes). Probe results go into a TimescaleDB hypertable. A signal classifier applies the open vocabulary on every probe. The classifier output drives all four paid surfaces:

agentic.market catalog (49k endpoints)
        │
        ▼
  probe worker  ──── every 10 min ────→ TimescaleDB
        │                                    │
        │                          signal classifier
        │                                    │
        ▼                ┌───────────────────┼───────────────────┐
                         ▼                   ▼                   ▼
                       Guard            Forensics             Watch
                  (sync $0.001)        (7d $0.001)        (async $0.01)
                         │                                       ▲
                         └────── shared signal vocabulary ───────┘

• ·Agent developers integrating x402 payments — wrap your fetch with Guard middleware and your agent stops paying traps.
• ·x402 service operators — mint a verified-badge cert; agents using Guard prefer verified endpoints when routing alternatives.
• ·x402 Foundation, Coinbase CDP, Cloudflare Agents — open signal spec is protocol-agnostic; reference us in tutorials.
• ·Crypto data researchers — six months of hourly catalog snapshots are public at /reports.

• ·We do not route payments. We classify endpoints; the agent decides whether to pay.
• ·We do not store agent secrets, wallets, or PII. Probe-and-publish only.
• ·We do not sell agent inboxes or bid on traffic. The signal vocabulary is objective and open.
• ·We do not gate-keep verified status: a provider can pay for the audit, but cannot pay to remove a risk signal. Different paths, different gates.

• ·Bun + TypeScript probe workers
• ·Postgres 17 + TimescaleDB on a €4/mo Hetzner ARM box
• ·Next.js 16 dashboard + paid endpoints
• ·Coinbase CDP public x402 facilitator
• ·Whole thing fits in 4 GB of RAM

• ·Read the full specification — endpoints, signal vocabulary, agent integration patterns. Written AI-first.
• ·Install Guard into your agent runtime — npm middleware, MCP server, or raw API.
• ·Read the 60-day case study — what we blocked and what changed.
• ·Email hello@x402station.io — bugs, feature requests, edge cases. Operator input shapes the roadmap directly.