Live x402 endpoint
$0.05/call after signed retry
Payment Policy Decision API
Decide whether an agent should pay before it signs. This page is intentionally operational: it shows the live endpoint, the unpaid x402 challenge shape, what the policy checks, and which proof is available without claiming paid settlement.
Buyer-visible status
Use this endpoint before an autonomous agent signs an x402 payment for a newly discovered service. It gives the buyer a deterministic policy decision and an evidence trail to persist beside the run log.
| Endpoint | POST https://hermesplant.com/api/agent-services/payment-policy/decide |
|---|---|
| Manifest | https://hermesplant.com/.well-known/x402 |
| Public route | Yes, x402-protected; no API key or account required. |
| Unpaid behavior | HTTP 402 Payment Required with payment-required challenge header. |
| Paid behavior | After a valid signed retry, returns the JSON decision response. |
| Settlement claim | Not asserted by this page; verify paid settlement separately. |
Challenge shape
The first request is deliberately unpaid. A buyer should validate the resource, payment terms, Bazaar metadata, and optional payment identifier before signing.
```json
{
  "x402Version": 2,
  "error": "Payment required",
  "resource": {
    "url": "https://hermesplant.com/api/agent-services/payment-policy/decide",
    "serviceName": "Payment Policy Decision API",
    "mimeType": "application/json",
    "tags": ["x402", "payment-policy", "agent-commerce"]
  },
  "accepts": [
    {
      "scheme": "exact",
      "network": "eip155:8453",
      "amount": "50000",
      "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
      "payTo": "<current X402_PAY_TO>",
      "maxTimeoutSeconds": 300
    }
  ],
  "extensions": {
    "bazaar": { "info": { "input": { "...": "..." }, "output": { "...": "..." } } },
    "payment-identifier": { "info": { "required": false } }
  }
}
```
Supported checks
Resource and method
Absolute resource URL, HTTPS requirement, HTTP method, allowed hosts, and blocked hosts.
Payment terms
x402 scheme, network, asset, raw amount units, USD amount hint, payTo recipient, and challenge timeout.
Buyer limits
Per-call soft and hard dollar limits, allowed networks, allowed recipients, facilitator allow-list, and required payment identifiers.
Service risk context
Bazaar/service tags and optional upstream risk signals, including MCP risk output when the payment is for a newly discovered tool.
Decision evidence
Returns allow, deny, or needs_review with reason codes, findings, risk score, and a recommended action for the agent run log.
- Checks URL, amount, network, payTo, facilitator, and buyer limits
- Flags resource-binding mismatches, replay gaps, PII leaks, and price anomalies
- Returns allow / deny / needs_review with redacted log-safe evidence
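
The same classes of check can be run locally against the 402 challenge before anything is signed. The following is an added example, not the service's own code: field names follow the challenge shape shown on this page, while the policy object, the reason codes and the payTo address are hypothetical values constructed for illustration.

```javascript
// Added example, not the service's code. Field names follow the challenge on
// this page; the policy object and reason codes are hypothetical.
const eq = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();

function checkOffer(offer, policy) {
  const deny = [], review = [];
  if (offer.scheme !== "exact") deny.push("SCHEME_NOT_ALLOWED");
  if (!policy.allowedNetworks.includes(offer.network)) deny.push("NETWORK_NOT_ALLOWED");
  if (!policy.allowedAssets.some((a) => eq(a, offer.asset))) deny.push("ASSET_NOT_ALLOWED");
  if (!policy.allowedRecipients.some((r) => eq(r, offer.payTo))) deny.push("RECIPIENT_NOT_ALLOWED");
  // Amounts are raw token units carried as strings; compare as BigInt, never as floats.
  if (!/^\d+$/.test(String(offer.amount))) deny.push("AMOUNT_INVALID");
  else if (BigInt(offer.amount) > policy.hardLimitRaw) deny.push("OVER_HARD_LIMIT");
  else if (BigInt(offer.amount) > policy.softLimitRaw) review.push("OVER_SOFT_LIMIT");
  if (!(offer.maxTimeoutSeconds <= policy.maxTimeoutSeconds)) deny.push("TIMEOUT_TOO_LONG");
  return { deny, review };
}

function checkChallenge(challenge, policy, requestedUrl) {
  const deny = [];
  let url;
  try { url = new URL(challenge.resource.url); } catch { return { decision: "deny", reasons: ["RESOURCE_URL_INVALID"] }; }
  if (url.protocol !== "https:") deny.push("RESOURCE_NOT_HTTPS");
  if (!policy.allowedHosts.includes(url.hostname)) deny.push("HOST_NOT_ALLOWED");
  // Resource binding: the challenge must name the URL that was actually requested.
  if (url.href !== new URL(requestedUrl).href) deny.push("RESOURCE_BINDING_MISMATCH");
  const results = (challenge.accepts || []).map((o) => checkOffer(o, policy));
  if (results.length === 0) deny.push("NO_PAYMENT_OFFER");
  // Prefer an offer with no deny findings; otherwise report the first offer's findings.
  const best = results.find((r) => r.deny.length === 0) || results[0] || { deny: [], review: [] };
  const reasons = [...deny, ...best.deny, ...best.review];
  const decision = deny.length || best.deny.length ? "deny" : best.review.length ? "needs_review" : "allow";
  return { decision, reasons };
}

// Constructed sample: the page's challenge fields with a made-up payTo address.
const sampleChallenge = {
  resource: { url: "https://hermesplant.com/api/agent-services/payment-policy/decide" },
  accepts: [{ scheme: "exact", network: "eip155:8453", amount: "50000",
    asset: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
    payTo: "0x1111111111111111111111111111111111111111", maxTimeoutSeconds: 300 }],
};
const samplePolicy = {
  allowedHosts: ["hermesplant.com"], allowedNetworks: ["eip155:8453"],
  allowedAssets: ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
  allowedRecipients: ["0x1111111111111111111111111111111111111111"],
  softLimitRaw: 100000n, hardLimitRaw: 500000n, maxTimeoutSeconds: 600,
};
console.log(checkChallenge(sampleChallenge, samplePolicy, sampleChallenge.resource.url));
```

Persist the returned decision and reasons beside the run log, and sign only when the local check and the endpoint's decision agree.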
Proof status
The monitor below is intentionally no-spend. It proves discovery and challenge readiness, then stops before a signed retry.
```sh
npm run proof:agent-discovery
# or explicitly:
node scripts/check-agent-discovery-proof.mjs \
  --base https://hermesplant.com \
  --endpoint /api/agent-services/payment-policy/decide
```

| Manifest proof | GET /.well-known/x402 must return configured=true and list /api/agent-services/payment-policy/decide with price, tags, input schema, output example, and bazaar metadata. |
|---|---|
| Challenge proof | An unpaid POST must return HTTP 402 with a payment-required challenge before any policy decision response is released. |
| Bazaar proof | The manifest endpoint.bazaar object and the 402 extensions.bazaar payload must both be present; this proves discovery metadata, not settlement. |
| Settlement boundary | This page and the no-spend monitor do not claim a successful paid retry, ledger write, facilitator settlement, or revenue event. |