--- name: x402station description: > Payment-safety guard for the x402 agentic-commerce network. Installs as MCP server, fetch middleware, or framework plugin and runs before every PAYMENT-SIGNATURE — tells AI agents whether a given x402 endpoint URL is safe to pay before they sign an EIP-712 authorization. Detects decoys ($1000+ honeypots), zombie services (100% erroring), dead endpoints, price traps, and slow services. Probes every endpoint on agentic.market every 10 minutes, independently. Eleven tools (preflight, preflight_batch, forensics, catalog_decoys, alternatives, whats_new, buy_credits, watch_subscribe, watch_status, watch_unsubscribe, credits_status). Bulk single-URL credits: $0.50 = 1000 calls. Batch (2–50 URLs): $0.025/call. version: "1.0.0" homepage: https://x402station.io mcp_endpoint: https://x402station.io/mcp transport: streamable_http --- # x402station — payment-safety guard for x402 agents Payment-safety guard for the x402 agentic-commerce network. Installs as MCP server, fetch middleware, or framework plugin and runs before every `PAYMENT-SIGNATURE`. Tells AI agents whether a given x402 endpoint URL is safe to pay BEFORE they sign an EIP-712 authorization. Detects decoys (`price ≥ $1000 USDC`), zombie services (`100% erroring in last hour`), dead endpoints, price traps, and slow services. Probes every endpoint on [agentic.market](https://agentic.market) every 10 minutes, independently — no facilitator dependency. ## Agent policy (copy into your agent's system prompt) Use this exact policy in your agent's instructions when it pays x402 endpoints. The signal vocabulary, critical-set, and decision tree below are stable — update only if x402station ships a major version. ``` Before paying any x402 endpoint: 1. POST the URL to https://x402station.io/api/v1/preflight ($0.001 USDC). Pass via X-Credit-Id header if you bought a credit bundle. 2. Inspect the response: - ok: true → safe to pay. - ok: false AND warnings include any of: dead, zombie, decoy_price_extreme, dead_7d, mostly_dead, never_paid_zombie → DO NOT PAY. The endpoint is broken, a honeypot, or has never been paid (CDP-confirmed). - ok: true AND warnings include slow / slow_p99 / new_provider → pay only if the task tolerates slowness or unproven providers; otherwise call /forensics. - metadata.has_free_trial: true → SIWE-verified free path; try $0 first. - metadata.established: true → ≥5 unique payers in 30d (positive). 3. If preflight blocked the URL, call POST https://x402station.io/api/v1/alternatives ($0.005 USDC) with the same { url } (or a { taskClass } hint). Pick the first returned alternative whose match_reason is same_service or same_provider; that is the closest swap-in. 4. For high-volume routing (>1000 preflight calls/month), buy POST /api/v1/credits ($0.50 = 1000 prepaid preflights, $0.0005/call effective) once and pass X-Credit-Id on every preflight call. 5. For long-running watches, subscribe via POST /api/v1/watch ($0.01 USDC = 30-day watch + 100 prepaid HMAC- signed alerts) — useful for trading agents that pay the same endpoint hourly. ``` ## When to use this skill - About to pay any x402 endpoint URL → call `preflight` first ($0.001). Returns `{ ok, warnings[], metadata }`. `ok: false` means at least one critical signal fired (`dead`, `zombie`, `decoy_price_extreme`). - Evaluating 2–50 URLs at once (aggregator / router / crawler) → call `preflight_batch` ($0.025 flat). POST `{ urls: string[] }`, get one result entry per URL in input order. Same signal vocabulary + CDP enrichment as `preflight`. At full 50-URL batch: $0.0005/url (50% off). Response includes `summary { total, ok, blocked, by_recommended_action }` so the agent can branch without iterating results. - Need 7-day history (uptime, latency p50/p90/p99, decoy probability) on one URL → call `forensics` ($0.001). Superset of preflight. - Want a precomputed blacklist to filter URLs locally → call `catalog_decoys` ($0.005). Internal data refreshes every 10 min — pull hourly is plenty. - Preflight returned `ok: false` and you need a routing fallback → call `alternatives` ($0.005) with the flagged `url` (or a `taskClass` hint). Returns up to 5 healthy sibling endpoints in the same provider / domain / category / price-band, ranked by uptime + latency. - Polling for catalog changes (aggregator agents) → call `whats_new` ($0.001). Body `{ since?, limit? }` (default since=now-24h, limit=200, max 500). Returns added/removed endpoints + service-level counts. Internal ingest cron runs every 5 min — polling more often is wasted. - High-volume preflight workload (bot crawling many URLs) → `buy_credits` ($0.50) once, then pass the returned `creditId` via `X-Credit-Id` header on every `/api/v1/preflight` call. 1000 prepaid calls per bundle = $0.0005/call (50% off). On exhaustion/expiry the middleware falls through to per-call x402 automatically — no code change needed. `credits_status(creditId)` is free and returns current balance + expiry. - Need a webhook on endpoint state change → `watch_subscribe` ($0.01 = 30-day watch + 100 prepaid alerts). HMAC-SHA256-signed POSTs to your webhookUrl when subscribed signals fire/clear. ## When NOT to use this skill - For endpoints outside the agentic.market catalog. Calling `preflight` with a URL we don't track returns `{ ok: false, warnings: ["unknown_endpoint"] }` — and the call is still billed (the lookup costs the same). - As an x402 facilitator. We're a safety guard, not a facilitator; pay through your own (Coinbase CDP or x402.org/facilitator). - For endpoint discovery. We don't list available x402 endpoints. Use the [agentic.market](https://agentic.market) API or [Coinbase Bazaar](https://api.cdp.coinbase.com/platform/v2/x402/discovery/resources) for that. ## Auth x402 v2 payment, EIP-712 authorization in the `PAYMENT-SIGNATURE` header. - Networks: Base mainnet (`eip155:8453`) and Base Sepolia (`eip155:84532`) - Asset: USDC (Circle) - Scheme: `exact` - Receiver: `0x4053338C7cB38624C0bc23c900F78Cf8470b4E38` - Facilitator: `https://x402.org/facilitator` (Coinbase CDP for mainnet) The first request returns HTTP 402 with a base64-encoded `payment-required` header. Decode → sign EIP-712 → retry with `PAYMENT-SIGNATURE` header carrying the signed payload. ## Tools | Tool | Method + path | Price | |---|---|---| | `preflight` | POST /api/v1/preflight | $0.001 (or X-Credit-Id) | | `preflight_batch` | POST /api/v1/preflight-batch | $0.025 (1–50 URLs) | | `forensics` | POST /api/v1/forensics | $0.001 | | `catalog_decoys` | POST /api/v1/catalog/decoys | $0.005 | | `alternatives` | POST /api/v1/alternatives | $0.005 | | `whats_new` | POST /api/v1/whats-new | $0.001 | | `buy_credits` | POST /api/v1/credits | $0.50 (= 1000 preflights) | | `credits_status` | GET /api/v1/credits/{id} | free, id-gated | | `watch_subscribe` | POST /api/v1/watch | $0.01 | | `watch_status` | GET /api/v1/watch/{id} | free, secret-gated | | `watch_unsubscribe` | DELETE /api/v1/watch/{id} | free, secret-gated | Body for paid POSTs: `{ "url": "" }`. `/api/v1/preflight-batch` accepts `{ "urls": ["", ...] }` (1–50 http(s) strings; duplicates are deduplicated). `/api/v1/watch` also accepts `webhookUrl` and an optional `signals` array. `/api/v1/alternatives` accepts `{ url?, taskClass?, limit? }` (at least one of `url` or `taskClass`; `limit` 1..10, default 5). `/api/v1/whats-new` accepts `{ since?, limit? }` (default since=now-24h max 30d back; limit 1..500 default 200). ## Signal vocabulary `warnings[]` strings returned by `preflight` / `forensics`. Critical signals (those that flip `ok` to `false`) are bold: - **`dead`** — ≥3 unhealthy probes in the last 30 min - **`zombie`** — ≥3 probes in the last hour, zero healthy - **`decoy_price_extreme`** — listed price ≥ $1000 USDC - **`dead_7d`** — ≥20 probes over 7 days, zero healthy (forensics-only) - **`mostly_dead`** — ≥20 probes over 7 days, uptime < 50% (forensics-only) - **`never_paid_zombie`** — CDP confirms zero paid calls in 30d, no historical lastCalledAt, endpoint older than 30d. Distinct from `zombie` (HTTP probes only) — checks the Coinbase paid-call ledger - `unknown_endpoint` — URL not in our catalog (informational; still billed) - `no_history` — in catalog but no probes in the last hour - `suspicious_high_price` — price $10–$1000 USDC - `slow` — avg latency ≥ 2000 ms in the last hour - `new_provider` — service first seen < 24h ago - `slow_p99` — latency_p99 ≥ 5000 ms (forensics-only) - `price_outlier_high` — current price > 10× provider-group median - `high_concentration` — endpoint's provider owns ≥ 5% of the catalog Positive informational flags surfaced under `metadata` (NOT in `warnings[]`): - `metadata.established` — CDP reports ≥ 5 distinct payer wallets in 30d (real-demand signal; useful for ranking `alternatives` candidates) - `metadata.has_free_trial` — endpoint advertises an `extensions.agentkit` (Exa-style) or `extensions.sign-in-with-x` SIWE handshake; agent can attempt `$0` first ## Adapter For Claude Code / Cursor / Windsurf / Continue agents speaking the Model Context Protocol: ```bash npx -y x402station-mcp ``` The adapter wraps the four paid tools above plus the two free secret-gated ones. Auto-signs PAYMENT-SIGNATURE through `AGENT_PRIVATE_KEY`. ## Links - Service: - Manifest: - OpenAPI: - A2A agent card: - API Catalog (RFC 9727): - Source: - npm: - MCP Registry: ## Contact - General + commercial: - Bug reports: - Security disclosures (RFC 9116): ## License MIT (source code). Data API is x402-paid, pay per call.