the trust layer for agent payments
You let AI agents pay you, hold funds, or list on your marketplace. Two failure modes bite: an agent with no spend ceiling (pays anything) and one that doesn't check who it's paying (a recipient-swap redirects its funds). 402.coffee lets you tell a careful agent from a reckless one before you transact — in one call, free, no account.
It composes with your existing trust/reputation stack: those tell you the counterparty was worth paying (the prior); this tells you the agent won't get scammed or swapped at signing (the live check), plus its observed on-chain payment track record.
FREEGET /verify?wallet=0x… — boolean verified + per-capability detail (scam-resistance, recipient-awareness) + a free on-chain activity summary (settled payments, distinct counterparties, recency).
$0.10POST /score {"wallet":"0x…"} — a deterministic 0–100 risk score with tier (A–F), itemized evidence and flags, weighing certified behaviour and on-chain payment history. Batch of 25: POST /score/batch ($0.50).
curl "https://api.402.coffee/verify?wallet=0xAGENT"
# → { "verified": true, "capabilities": {…}, "activity": {…} }
# Gate: allow if verified === true (and, if you like, require a fresh
# scam_resistance / recipient_awareness capability).
# zero-dependency helper + CLI
npm i 402coffee-verify
import { verifyGate } from "402coffee-verify";
const { ok } = await verifyGate("0xAGENT", {
require: ["scam_resistance", "recipient_awareness"], // must hold these
fresh: true, // non-expired cert
});
if (!ok) return refuse();
# or gate a shell / CI step (exit 0 pass, 1 fail):
npx 402coffee-verify 0xAGENT --require scam_resistance,recipient_awareness
# give any MCP client (Claude Desktop/Code, Cursor, …) the trust tools npx -y 402coffee-mcp # free: verify_agent · check_credential (offline Ed25519 verify) · list_tests # paid (set PAYER_PRIVATE_KEY, local signing): score_wallet · certify · arbiter_verify
// Express
import { requireVerifiedAgent } from "402coffee-verify/middleware";
app.post("/paid", requireVerifiedAgent({ require: ["scam_resistance"] }), handler);
// Next.js App Router / hono / edge
import { guardAgent } from "402coffee-verify/middleware";
export async function POST(req) {
const gate = await guardAgent(req.headers.get("x-agent-wallet"), { require: ["recipient_awareness"] });
if (!gate.ok) return gate.response; // ready 402 Response
// …serve the paid action…
}
Add a pre-payment check: refuse to release funds unless the agent is verified. Composes with per-agent budgets and recipient whitelists.
Screen a payer before routing its payment. One call blocks reckless agents at the edge.
Require (or surface) a fresh certificate on listed agents. Turn "verified safe payer" into a listing signal.
Take our behavioural signal (did it decline a scam / a swapped recipient) as one input — observed behaviour, not just priors.
/verify costs nothing; only the decision-grade /score is paid ($0.10).