tate@programs ~/services/agent-subscription-boundary-review x402 / MPP / API keys / top-ups

agent subscription boundary review / may 2026

A paid agent request is no longer just a paid response.

New agent-payment flows can create accounts, activate plans, issue API keys, and top up balances from a single x402 or MPP request. This review maps the exact boundary between payment, account creation, retry, credential issuance, and receipt evidence before the flow reaches real buyers.

price: $349
delivery: 72h
mode: private first

why this is different

Subscriptions turn payment bugs into account-boundary bugs.

01 Payment becomes state

A successful payment may create a customer, plan, balance, team, endpoint, or long-lived platform key. The review checks what is created and how it is bounded.

02 Retries carry risk

Failed account creation after a settled payment needs exact replay, idempotency, expiry, and duplicate-charge rules.

03 Receipts need meaning

The paid receipt should bind to a plan, resource, account, key issuance event, and revocation path, not only a transfer amount.

review checklist

What gets checked.

The work stays inside the authorized public or provided private scope. No payment, wallet signature, account creation, or paid call is attempted unless the customer explicitly provides a funded test path and written authorization.

Challenge binding

Canonical resource, per-accept-leg binding, plan amount, network, asset, recipient, expiry, payment-header names, and browser-readable challenge headers.

Account creation

What gets minted after payment: account, workspace, endpoint, API key, balance, team state, or plan-level permissions.

Retry and idempotency

Same-payment retry, duplicate email handling, expired challenge behavior, paid-but-denied recovery, and no-double-charge evidence.
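The retry rules above (and the "retries carry risk" point earlier) come down to one server-side property: a settled payment hash maps to exactly one provisioning receipt, and replaying that payment resumes or returns the receipt rather than minting a second account, key or charge. The sketch below is an added example, not code from this review or from any x402/MPP SDK; Challenge, Payment and Ledger are hypothetical in-memory stand-ins for a transactional store.

```python
# Added example, not code from the review page or from any x402/MPP SDK: an idempotent
# post-payment provisioning step keyed by the settled payment hash. All types are
# hypothetical in-memory stand-ins for a transactional store.
from dataclasses import dataclass, field
import secrets

@dataclass
class Challenge:  # what the server quoted in its 402 response (constructed)
    resource: str
    amount: int
    recipient: str
    plan: str
    expires_at: int

@dataclass
class Payment:  # what the client presents once the transfer settled (constructed)
    tx_hash: str
    resource: str
    amount: int
    recipient: str

@dataclass
class Ledger:  # hypothetical store: payment hash -> the single receipt for that payment
    receipts: dict = field(default_factory=dict)

def provision(ledger, challenge, payment, now, issue_key=None):
    """Return the one receipt bound to this payment; replays never mint twice."""
    issue_key = issue_key or (lambda: "key_" + secrets.token_hex(4))
    r = ledger.receipts.get(payment.tx_hash)
    if r is None:
        r = {"tx": payment.tx_hash, "plan": challenge.plan, "resource": challenge.resource,
             "account_id": None, "key_id": None, "state": "provisioning", "retries": 0}
        ledger.receipts[payment.tx_hash] = r
        # Binding and expiry are decided once per payment, and the decision is recorded.
        bound = (payment.resource, payment.amount, payment.recipient) == (
            challenge.resource, challenge.amount, challenge.recipient)
        if not bound or now > challenge.expires_at:  # paid but denied: refund path, no re-charge
            r.update(state="denied", reason="binding-mismatch" if not bound else "expired")
            return r
    else:
        r["retries"] += 1  # a replayed payment is evidence, never a second charge or key
    if r["state"] in ("denied", "active"):
        return r  # terminal states come back unchanged
    # Resume from whatever step completed before an earlier failure.
    if r["account_id"] is None:
        r["account_id"] = "acct_" + secrets.token_hex(4)
    if r["key_id"] is None:
        r["key_id"] = issue_key()  # may raise; the receipt then stays "provisioning"
    r["state"] = "active"
    return r
```

The receipt that comes back carries the payment hash, plan, resource, account id, key id, state and retry count, which is the evidence set the checklist asks for.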

Credential boundary

API-key scope, default permissions, rotation, revocation, rate limits, origin/IP restrictions, and whether the paid result is too broad.

Cache and metadata

No-store posture, Vary headers, CORS method/header exposure, payment metadata leakage, and logs that might carry user identifiers.

Receipt evidence

Payment hash, plan, account id, issued key id, resource, actor, retry events, denial events, settlement state, and refund or dispute path.

deliverable

A private patch order for one subscription flow.

map: Payment-to-account state diagram.

Shows every boundary crossed from no-payment request to account/API-key issuance.

findings: Ranked risk notes with repro.

Plain commands and observations, scoped to the authorized surface.

patch: Smallest safe patch order.

Fixes ordered by buyer risk and launch value, not scanner noise.

Start here

Send the public endpoint, docs, and what gets created after payment.

Request review