Security, x402 and agent-readiness docs that ship as PRs.

Security policy readback

Turn a rough SECURITY.md into private reporting guidance, safe-harbor wording, response targets and scoped vulnerability examples.

Bug bounty launch packet

Vendor-ready scope matrix, reward rubric, disclosure SLA, report template, launch checklist and announcement copy.

x402 docs/readback

Stale spec links, facilitator references, payment examples, agent spending controls and copy/paste smoke-test gaps.

OpenZeppelin Guardian x402 facilitator readback

Buyer-specific threat-model and module-readiness packet for Guardian#252: hook lifecycle, policy gates, receipt contract, mocked tests, and fail-closed rollout plan.

See package

LogicNodes x402 MCP listing readback

Buyer-specific listing-readiness packet for chatmcp/mcpso#2471: package-name drift, service-count consistency, API-key vs x402 default mode, and no-spend MCP acceptance checks.

See package

PMXT Polymarket V2 readback

Buyer-specific follow-on for pmxt-dev/pmxt#436 after merged PR #460: V2 contract domains, pUSD wrap/cache-sync flow, approval/trading failure matrix and regression checks.

See package

MicroAI x402 receipt readback

Buyer-specific follow-on for MicroAI-Paygate#163 after merged PR #170: verified/missing/invalid receipt fixtures, buyer-agent trust contract and no-spend browser screenshots.

See package

HealthChain USDC payment-flow readback

Buyer-specific follow-on for Mosss-OS/healthchain#24 after merged PR #51: wallet state matrix, allowance/approval receipt fixtures, transfer receipt checks and safe retry copy.

See package

x402 seller listing readback

Manifest, no-payment 402, browser-agent CORS, price consistency and receipt-shape pass for sellers trying to get listed.

See sample packet

Bankr x402 Cloud pre-payment readback

Buyer-specific no-spend packet for BankrBot/skills#395: HTTP 500 before 402, browser preflight status, challenge contract, and regression checks for listed x402 skills.

See package

Heurist EIP-3009 nonce readback

Fresh no-wallet x402 transcript for bytes32 nonce parsing, payTo drift, and payment challenge header gaps.

See package

x402 release smoke/readback

Focused pre-release pass for x402 CLI, SDK or docs changes: observed output, timeout/error paths, release-note wording and small docs-gap table.

See package

OBOL Permit2 x402 release readback

Obol/Spark2 release pass for selected-token wording, Permit2 metadata, 402 challenge shape, facilitator assumptions and safe external-endpoint smoke instructions.

See package

x402 Bazaar indexing readback

Diagnostic packet for routes that settle through CDP/facilitators but still fail discovery indexing: 402 challenge, Bazaar metadata, payTo search and escalation appendix.

See package

x402 browser-agent middleware readback

Route-level pass for 402 challenge headers, CORS preflight, facilitator verify/settle and payment response visibility before browser agents hit it.

See package

x402 frontend payment-cycle readback

Frontend pass for catching 402s, wallet approval/signing states, retry-with-proof behavior, receipt rendering and browser-agent UX gaps.

See package

NexusHub agent data bounty starter pack

Ready-to-post bounty specs for pay-per-query data agents: DFW permit trends, contractor pricing comparison, and paid-data MCP/x402 wrapper with proof/verification rules.

See package

issues.cash stablecoin bounty rails

Buyer-specific packet for stablecoin bounty support: USDC payout states, claim wording, public receipts, and duplicate-solver controls before issue threads become payment negotiations.

See package

NEXUS x402 no-spend preflight

Buyer-specific readback for NEXUS arb/check: free endpoint, 402 challenge, CORS, Bazaar status and a safe paid-settle approval boundary.

See packet

HappyVertical Base USDC adapter packet

Buyer-specific implementation map for happyvertical/sdk#1029: Base USDC watch path, x402 proof boundary, deterministic address fixtures, refund seams and mocked-first tests.

See package

ChainSafe OCR x402 SDK readback

Buyer-specific readiness packet for open-creator-rails.sdk#28: ocr-permit-v1 payloads, subscriber namespace, facilitator clients, idempotency risks and mocked-first tests.

See package

Farmbot grant conversion + water uptime packet

Buyer-specific sales packet for remote water monitoring: grant qualification, ROI proof, uptime demo scripts, and farmer/advisor follow-up copy.

See package

Game4Blockchain x402 agent-flow scaffold

Buyer-specific mock-first scaffold for BeLorenzo/Game4Blockchain#3: payable agent-action discovery, explicit wallet boundary, receipt table, and frontend/CLI state checks.

See package

SolSentry x402 enforcement readback

Buyer-specific no-payment readback for solsentry/solsentry-app#2: fail-closed 402 behavior, browser CORS header allowlist, receipt exposure, and regression smoke script.

See package

DevAsign contributor-supply readback

Buyer-specific go-to-market packet for devasign-api#91: first-contributor acquisition loop, issue proof packet, solver-quality filter, bounty receipt template, and 14-day measurement plan.

See package

AIGEN / OABP portable mission receipt readback

Buyer-specific spec packet for Aigen-Protocol: signed mission receipts that bind agent, mission, content hash, verifier decision, and settlement proof for third-party bounty verification.

See package

LangChain x402 spend-decision receipt readback

Buyer-specific packet for LangChain paid tool calls: deterministic action refs, pre-payment SpendDecision receipts, simulation mode, and post-settlement audit linkage.

See package