Changelog

Platform and protocol release history.

Progressive Authorization

March 6, 2026

4-State Authorization Model

P402 now formalizes authorization as a progression: Visitor → Identity Only → Wallet Linked → Payment Ready. Each state is computed server-side at GET /api/v2/auth/state and surfaced throughout the product with a clear, low-friction path to the next state.

  • State is derived from the NextAuth session: CDP email users resolve to wallet_linked immediately; Google OAuth users are resolved against the account's linked wallet address
  • Dashboard banner renders contextually per state — amber for unactivated payments, dark for unfunded wallet, silent when payment-ready
  • Nav wallet indicator distinguishes Google-only sessions ("Activate Payments") from wallet-linked sessions (address chip) without triggering RainbowKit
  • Mobile nav no longer surfaces a wallet connect prompt for unauthenticated visitors

Google OAuth → Wallet Activation Path

Google OAuth users encounter a dedicated wallet activation pre-step in onboarding. The CDP email field is pre-filled from the Google session. The step is skippable; deferred state is tracked in localStorage and surfaces an inline activation prompt on the dashboard. Users who skip remain in identity_only state — dashboard and API key access is unaffected; payment routes return a 402 until a wallet is linked.

Builder Onboarding Path

Developers who select the Build & Route role now receive targeted onboarding copy: no personal wallet required, agent sessions use CDP server wallets funded by clients, with a direct reference to the POST /api/v2/sessions endpoint and wallet_source: "cdp" parameter.

CDP Wallet Integration

March 4, 2026

Email OTP — Embedded Wallet on First Login

Sign in with an email address. A self-custody Base wallet is provisioned automatically via Coinbase Developer Platform (CDP) Embedded Wallet — no browser extension, no seed phrase, no prior crypto experience required.

  • OTP delivery and wallet creation complete in under 500 ms end-to-end
  • Private keys are generated and stored inside Coinbase's AWS Nitro Enclave (TEE) — never transmitted to the P402 server
  • Session identity: wallet address is the primary identity token, no separate linking step
  • First login presents a wallet acknowledgment screen with address and network confirmation

CDP Server Wallet for Facilitator Signing

The x402 facilitator signing wallet supports two modes, selectable via environment variable:

  • Mode A — CDP TEE (CDP_SERVER_WALLET_ENABLED=true): private key never touches the Node.js process; signing happens inside Coinbase's Nitro Enclave. Recommended for production.
  • Mode B — raw key: legacy local-dev fallback using P402_FACILITATOR_PRIVATE_KEY
  • Active mode is exposed at GET /api/v1/facilitator/health as "mode": "cdp-server-wallet" | "raw-key"

Guided Wallet Funding — Onboarding Step 3

Onboarding is now 4 steps: Role → API Key → Fund Wallet → Orientation.

  • Fund Wallet step displays the connected wallet address with a one-click copy button
  • Instructions: copy address → send USDC on Base → the dashboard detects the deposit and transitions state automatically
  • Minimum deposit: $0.01 USDC. Contract: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913

Protocol, SDK & CLI Launch

March 2, 2026

P402 Protocol — Open Source

The core P402 protocol specification and reference implementations are open source. Includes the x402 payment extension schema, AP2 mandate format, A2A JSON-RPC method definitions, and the ERC-8004 agent identity registry interface.

github.com/z333q/p402-protocol

Developer SDK

@p402/sdk provides typed wrappers for routing requests, issuing AP2 mandates, verifying x402 payment payloads, and interacting with the A2A task API. TypeScript-first; ships ESM and CJS.

CLI

Manage facilitators, inspect routing decisions, check wallet balances, and tail live traffic from the terminal. Wraps the same REST endpoints exposed by the dashboard — no separate auth flow required; uses your existing API key.

Infrastructure & Platform

Feb 24 – Mar 2, 2026

P402 Claude Skill

  • Claude skill released covering routing modes, billing guard limits, session lifecycle, x402 payment settlement, A2A protocol, and provider cost comparison
  • Skill surfaced in footer, landing CTAs, and mobile navigation
  • Trained on Feb 2026 models; includes concrete migration examples from direct OpenAI/Anthropic API calls

Base Mainnet Smart Contracts

  • P402Settlement deployed at 0xd03c7ab9a84d86dbc171367168317d6ebe408601 — marketplace settlement with 1% protocol fee
  • SubscriptionFacilitator deployed at 0xc64747651e977464af5bce98895ca6018a3e26d7 — EIP-2612 recurring billing, gasless for subscribers after month 1
  • Treasury: 0xFa772434DCe6ED78831EbC9eeAcbDF42E2A031a6

Stripe & Billing Hardening

  • Webhook handler uses req.text() before signature verification — required by Next.js 15 to prevent body pre-parsing from breaking HMAC validation
  • All billing events use INSERT ... ON CONFLICT — idempotent against transient duplicate webhook delivery
  • Environment validation enforced at startup; missing required keys abort boot rather than surface at runtime
  • E2E billing suite green across Node 18 and 20
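
The first two hardening items, shown as an added example (not P402's handler code): the HMAC is checked against the exact bytes received, and a re-serialized copy of the same JSON fails verification, while a repeated event id is accepted but applied only once. The secret, sample event, function names, 300-second tolerance and 400 response are constructed for illustration; the header layout follows Stripe's documented `t=...,v1=...` scheme in simplified form, and a Set stands in for the INSERT ... ON CONFLICT write.

```javascript
const crypto = require("node:crypto");

// Constructed secret and replay window; not values from P402 or Stripe.
const SECRET = "whsec_constructed_example";
const TOLERANCE_S = 300;

// Stripe-style signature: HMAC-SHA256 over "<timestamp>.<raw body>", hex-encoded.
function sign(rawBody, t, secret = SECRET) {
  return crypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
}

// Verify against the exact bytes received, comparing in constant time.
function verify(rawBody, header, now, secret = SECRET) {
  const parts = Object.fromEntries(header.split(",").map((p) => p.split("=")));
  const t = Number(parts.t);
  if (!Number.isInteger(t) || Math.abs(now - t) > TOLERANCE_S) return false;
  const expected = Buffer.from(sign(rawBody, t, secret), "hex");
  const given = Buffer.from(parts.v1 || "", "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Stand-in for INSERT ... ON CONFLICT: returns false when the id was already stored.
const seen = new Set();
function recordOnce(eventId) {
  if (seen.has(eventId)) return false;
  seen.add(eventId);
  return true;
}

function handleWebhook(rawBody, header, now) {
  if (!verify(rawBody, header, now)) return { status: 400, applied: false };
  const event = JSON.parse(rawBody); // parse only after the signature checks out
  // A duplicate delivery is still acknowledged, but its side effects run once.
  return { status: 200, applied: recordOnce(event.id) };
}

// Constructed sample event; spacing is kept exactly as the sender emitted it.
const RAW = '{"id": "evt_constructed_1", "type": "invoice.paid",  "amount": 100}';
const T = 1700000000;
const HEADER = `t=${T},v1=${sign(RAW, T)}`;
// What a pre-parsing framework would hand the handler: same data, different bytes.
const REPARSED = JSON.stringify(JSON.parse(RAW));
```
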