ALLOW / BLOCK / ESCALATE verdict with reasoning and a signed,
independently verifiable proof. One credit per run.
The order matters: x402 settlement is an irreversible push payment, so the only
safe sequence is receive terms → verify → sign on ALLOW. Chance never holds
keys, never signs, never settles. It is the gate between the quote and the
signature.
The six checks
Every run inspects the payment along six fixed categories. The judge’s verdict weighs all of them against your policy.Vendor reputation, from the Coinbase Bazaar
The x402 Bazaar is Coinbase’s public index of x402 services that have actually settled payments through the CDP facilitator. For every payment, the verifier looks the recipient up and reads:- whether the
payTomatches a listed service for the resource’s host, - its unique payers and paid-call count over the last 30 days,
- when it last settled a payment.
The attack catalog
The dashboard ships these as one-click examples. Each demonstrates a real pattern the checks exist to catch; the default policy names every one of the five as grounds to block or escalate.Integrate it in your agent
The same engine runs behindPOST /api/v1/intent with venue: "x402". Probe
the paid endpoint, verify the decoded terms, and only let your x402 client sign
on ALLOW:
curl against live terms; agents in Claude or ChatGPT get the
same check through the connector as verify_intent with
venue: "x402".
Why verify agent payments?
The case for a verification layer in the agentic economy.
x402 venue reference
Recognized payloads, live curl example, and how the harness knows x402.
