Changelog.

24-Article Partner Docs

Every section of the partner lifecycle has a dedicated reference article at /partner/docs/[slug]. Articles are written for the partner audience — not internal docs, not marketing copy. Technical partners get real code; agency partners get full campaign templates with production-ready copy.

• Positioning (4) — P402 in one sentence, ideal customer profile, approved claims, prohibited language
• Product (4) — How x402 works, why AP2 mandates matter, Bazaar distribution model, Router vs. direct API
• Campaigns (4) — Newsletter templates (3 full editions), X/Twitter threads (4 complete threads), YouTube descriptions, email sequences
• Compliance (4) — FTC/ASA disclosure guide, brand guidelines, prohibited methods, brand bidding policy
• Technical (4) — SDK quickstart with code, x402 code walkthrough, building a paid agent, MCP integration guide
• Payouts (4) — Commission calculation, hold period rules, tax form requirements, payout timeline

Agent Quickstart & /docs Landing

The /docs landing page is redesigned as a four-quadrant navigation hub. A dedicated agent quickstart guide covers the A2A protocol from first principles — AgentCard, task lifecycle, x402 extension, and mandate-gated sessions — with complete code examples for both sending and receiving agents.

• All “coming soon” links activated — no dead ends in the docs navigation
• Consistent component system: SectionLabel, Callout (lime/neutral/warn variants), CodeBlock, TableBlock across all 12 pages
• SEO: each page has canonical URL, OpenGraph metadata, and structured breadcrumb

traffic_events Instrumentation

Every routed request now writes a structured event to the traffic_events table — including provider selected, routing mode, latency, cost, cache hit status, and settlement outcome. This powers the Requests and Savings dashboard pages with real per-request data rather than aggregates.

• Write path is non-blocking — event insert never delays the API response
• .env.test.local auto-loaded in Playwright config — test DB URL isolated from production Neon instance
• Edge middleware re-written to remove node:crypto dependency — compatible with Vercel Edge Runtime

Audit Log & Safety Console

Every admin action is written to admin_audit_log with before/after JSONB diff. The Safety page exposes quarantined sessions, flagged agents, and anomaly alerts with inline approve/escalate/dismiss controls. The Intelligence page mirrors the Gemini economist and sentinel outputs for ops review.

• Audit log: filterable by admin, action type, and target entity; JSONB diff viewer shows exactly what changed
• Admin component library: DataTable, RoleBadge, HealthPulse, StatusBadge, GrowthChart, AdminButton — shared across all 10 pages
• Login page redesigned in Neo-Brutalist system — no white-on-white input text

Requests & Evals UX Improvements

Targeted UX hardening across the execution log and eval surfaces. Baseline updated from GPT-4o to claude-sonnet-4-6 ($0.000003/token) across savings calculations, the hero card, and the daily bar chart.

• Requests table: keyboard navigation — ↑↓ select row, ↵ open trace, R refresh; double-click to trace; copyable curl in empty state
• Evals: failed eval re-run CTA with pre-populated task URL; Knowledge page source-type grid empty state
• AppSidebar: Sessions entry added (Layers icon); flex overflow scroll bug fixed
• POST /api/v1/execute/preview — dry-run provider scoring endpoint, returns ranked providers and scores without making an LLM call

Mission Control: Intelligence Summary

The main dashboard now shows a live Intelligence Layer summary: total requests this week, total dollars saved (with % vs baseline), and eval pass rate — each linking directly to its drill-down page. Data refreshes automatically every 30–60 seconds.

• Powered by three new REST endpoints: GET /api/v1/requests, GET /api/v1/savings?period=7d, GET /api/v1/evals — each with pagination, filters, and aggregate stats
• Savings computed server-side: baseline estimated from claude-sonnet-4-6 reference rate ($3/1M tokens) applied to task token count; actual cost vs baseline delta stored on execute_requests.baseline_cost at write time
• DB: migration v2_034 adds baseline_cost to execute_requests and provider_id / model_id to execute_trace_nodes

Trace Enrichment — Single-Query JOIN

getTrace() now returns full enrichment in a single round trip: plan node labels, tool execution I/O, evaluation scores, and originating task text are all resolved server-side. No N+1 queries at the API layer.

• Three LEFT JOINs added: execute_plan_nodes (label), tool_executions (I/O, latency, error), execute_evaluations (scores, pass/fail)
• Trace detail page shows task text, cost savings %, provider, and model in a context hero block — the first thing visible before any node detail
• Adaptive cost formatting: formatCost() renders 2 decimals ≥ $1, 4 decimals ≥ $0.01, 6 decimals below — no trailing noise at any scale

Bazaar Auto-Escrow — Phase 3.2

Any A2A task submitted via the Bazaar with price_usd ≥ $1.00 and a provider_address automatically creates an escrow — no extra API calls required. The escrow_id is returned in task metadata and stored in task configuration JSONB. Escrow creation is non-blocking — task proceeds even if escrow fails.

• Dashboard: Bazaar SETTLE button now routes to escrow creation (≥$1 + provider wallet) or direct EIP-3009 settlement (<$1)
• My Escrows panel in /dashboard/bazaar — live state with action buttons (Fund → Accept → Start → Deliver → Release / Dispute)
• bazaar_resources.provider_wallet_address added — populated from payTo in x402 manifests during ingest; powers escrow recipient resolution
• New useEscrow hook — polls /api/v2/escrow, exposes createEscrow() and transition()

Platform & Docs

Escrow surfaced across the full product surface. Models page now falls back to local registry (13 providers, all with live pricing) when OpenRouter is unavailable, eliminating the “Error loading live prices” state entirely.

• New /docs/escrow — state machine table, quick start code, full API reference, dispute window details
• New /product/escrow — Lock / Deliver / Release overview with agent commerce, creative work, and API access use cases
• Landing page updated to six capabilities: Routing, Payments, Escrow, Controls, Orchestration, Ecosystem
• GET /api/v2/models falls back to getProviderRegistry().getAllModels() on OpenRouter failure — models page always renders

World Mini App — world.p402.io

A standalone Next.js 15 mini app purpose-built for the World App ecosystem. Deployed separately from the Base Mini App at world.p402.io — different SDK, different store, same P402 backend linked via human_id_hash.

• Auth via MiniKit.commandsAsync.walletAuth — SIWE-style session, returns scoped HMAC bearer token tied to the World wallet address
• Credit purchases via MiniKit.commandsAsync.pay() — four tiers ($5 / $10 / $50 / $100 USDC); World App handles the transaction, P402 credits the balance on confirmation
• 4 tabs: Chat (streaming, cost display), Agents (A2A registry browser), Credits (balance + history), Settings (routing mode, identity, reputation)
• Session endpoint at POST /api/v1/world-mini/session — derives tenant from wallet address, auto-grants free trial credit for newly verified humans

Base Mini App — World ID Integration

The existing Farcaster mini app at mini.p402.io is updated to surface World ID verification state and credit balance inline — no new screens, state flows in from p402_metadata on every chat response.

• Header: [VERIFIED] badge appears when humanVerified is true — shows free-uses remaining or credit count
• Chat input: tri-state indicator — free trial active (lime), credit balance available (neutral), low USDC funds warning (amber) — each mutually exclusive
• Settings modal: World ID section with deep link to worldapp://verify for unverified users; verified state shows FREE USES / CREDITS / REP SCORE grid
• Agents panel: inline VERIFIED trust badge on agents where human_verified: true

Extension Surface

• Status bar — shows current router mode (⚡ P402: balanced); click to switch modes via quick-pick
• Activity bar + sidebar — three tree views: Sessions (budget remaining, spend, request count), Recent requests (model, cost, latency), Provider status (healthy / degraded / down per provider)
• Command palette — P402: Configure API Key, P402: Switch Router Mode, P402: Create Budget Session, P402: Open Dashboard
• Settings UI — p402.apiKey, p402.routerMode, p402.showStatusBar

6 Tools

• p402_chat — routes a prompt to the optimal provider by mode (cost / quality / speed / balanced); settles payment atomically if a session token is supplied; returns completion, provider used, cost in USD, and latency
• p402_create_session — creates a budget session with a hard USD cap; returns a session_token scoped to that budget
• p402_get_session — returns balance_remaining, amount_spent_usd, request_count, and status
• p402_list_models — enumerates all routable models with provider, context window, and per-token pricing; filterable by provider
• p402_compare_providers — returns all providers serving a given model with cost and p95 latency side-by-side
• p402_health — router uptime, facilitator settlement status, and active provider count

Google OAuth → Wallet Activation Path

Google OAuth users encounter a dedicated wallet activation pre-step in onboarding. The CDP email field is pre-filled from the Google session. The step is skippable; deferred state is tracked in localStorage and surfaces an inline activation prompt on the dashboard. Users who skip remain in identity_only state — dashboard and API key access is unaffected; payment routes return a 402 until a wallet is linked.

CDP Server Wallet for Facilitator Signing

The x402 facilitator signing wallet supports two modes, selectable via environment variable:

• Mode A — CDP TEE (CDP_SERVER_WALLET_ENABLED=true): private key never touches the Node.js process; signing happens inside Coinbase's Nitro Enclave. Recommended for production.
• Mode B — raw key: legacy local-dev fallback using P402_FACILITATOR_PRIVATE_KEY
• Active mode is exposed at GET /api/v1/facilitator/health → "mode": "cdp-server-wallet" | "raw-key"

P402 Protocol — Open Source

The core P402 protocol specification and reference implementations are open source. Includes the x402 payment extension schema, AP2 mandate format, A2A JSON-RPC method definitions, and the ERC-8004 agent identity registry interface.

Developer SDK

@p402/sdk provides typed wrappers for routing requests, issuing AP2 mandates, verifying x402 payment payloads, and interacting with the A2A task API. TypeScript-first; ships ESM and CJS.

CLI

Manage facilitators, inspect routing decisions, check wallet balances, and tail live traffic from the terminal. Wraps the same REST endpoints exposed by the dashboard — no separate auth flow required; uses your existing API key.

Base Mainnet Smart Contracts

• P402Settlement deployed at 0xd03c7ab9a84d86dbc171367168317d6ebe408601 — marketplace settlement with 1% protocol fee
• SubscriptionFacilitator deployed at 0xc64747651e977464af5bce98895ca6018a3e26d7 — EIP-2612 recurring billing, gasless for subscribers after month 1
• Treasury: 0xFa772434DCe6ED78831EbC9eeAcbDF42E2A031a6

Stripe & Billing Hardening

• Webhook handler uses req.text() before signature verification — required by Next.js 15 to prevent body pre-parsing from breaking HMAC validation
• All billing events use INSERT ... ON CONFLICT — idempotent against transient duplicate webhook delivery
• Environment validation enforced at startup; missing required keys abort boot rather than surface at runtime
• E2E billing suite green across Node 18 and 20