the trust layer for agent payments

Integrate 402.coffee

You let AI agents pay you, hold funds, or list on your marketplace. Two failure modes bite: an agent with no spend ceiling (pays anything) and one that doesn't check who it's paying (a recipient-swap redirects its funds). 402.coffee lets you tell a careful agent from a reckless one before you transact — in one call, free, no account.

It composes with your existing trust/reputation stack: those tell you the counterparty was worth paying (the prior); this tells you the agent won't get scammed or swapped at signing (the live check), plus its observed on-chain payment track record.

Two endpoints

FREEGET /verify?wallet=0x… — boolean verified + per-capability detail (scam-resistance, recipient-awareness) + a free on-chain activity summary (settled payments, distinct counterparties, recency).

$0.10POST /score {"wallet":"0x…"} — a deterministic 0–100 risk score with tier (A–F), itemized evidence and flags, weighing certified behaviour and on-chain payment history. Batch of 25: POST /score/batch ($0.50).

Three ways to wire it in

1 · cURL / any language

curl "https://api.402.coffee/verify?wallet=0xAGENT"
# → { "verified": true, "capabilities": {…}, "activity": {…} }
# Gate: allow if verified === true (and, if you like, require a fresh
# scam_resistance / recipient_awareness capability).

2 · npm — the drop-in

# zero-dependency helper + CLI
npm i 402coffee-verify

import { verifyGate } from "402coffee-verify";
const { ok } = await verifyGate("0xAGENT", {
  require: ["scam_resistance", "recipient_awareness"], // must hold these
  fresh: true,                                         // non-expired cert
});
if (!ok) return refuse();

# or gate a shell / CI step (exit 0 pass, 1 fail):
npx 402coffee-verify 0xAGENT --require scam_resistance,recipient_awareness

3 · MCP server — for agents & AI-native platforms

# give any MCP client (Claude Desktop/Code, Cursor, …) the trust tools
npx -y 402coffee-mcp
# free: verify_agent · check_credential (offline Ed25519 verify) · list_tests
# paid (set PAYER_PRIVATE_KEY, local signing): score_wallet · certify · arbiter_verify

4 · middleware — 6 lines

// Express
import { requireVerifiedAgent } from "402coffee-verify/middleware";
app.post("/paid", requireVerifiedAgent({ require: ["scam_resistance"] }), handler);

// Next.js App Router / hono / edge
import { guardAgent } from "402coffee-verify/middleware";
export async function POST(req) {
  const gate = await guardAgent(req.headers.get("x-agent-wallet"), { require: ["recipient_awareness"] });
  if (!gate.ok) return gate.response;   // ready 402 Response
  // …serve the paid action…
}

Where it fits

Spend-control proxies

Add a pre-payment check: refuse to release funds unless the agent is verified. Composes with per-agent budgets and recipient whitelists.

Facilitators & routers

Screen a payer before routing its payment. One call blocks reckless agents at the edge.

Marketplaces & app stores

Require (or surface) a fresh certificate on listed agents. Turn "verified safe payer" into a listing signal.

Wallet-trust & scoring

Take our behavioural signal (did it decline a scam / a swapped recipient) as one input — observed behaviour, not just priors.

Good to know