Public proof for agent-commerce, paid API, and MCP launch work.

AgentScrape launch validation quote approved

HSH Intelligence approved public attribution after two no-payment readbacks helped close x402 and MCP launch-surface gaps. The quote is now usable in sales material without implying a paid engagement.

The reverse-engineering style of your check, with no payment, no signatures, and no paid calls, is the right shape for launch validation.

Commercial proof buyers can verify quickly

Recent public work now maps directly to the paid offer: agent-payment spend controls, browser-readable x402 challenges, non-cacheable paid-action receipts, AgentCore payment lifecycle checks, origin-safe UCP server middleware, official UCP example validation, ACP delegate-auth schema validation, NVIDIA Retail Agentic Commerce A2A documentation, mppx x402 resource-binding verification, Apify MCP task-mode payment guard review, Fireblocks x402 preview flow, Bazaar metadata guidance, MCP payment metadata, Universal Cart header paths, and registry-ready API specs. This is the proof base behind the $750 readiness maps and $2,500+ launch sprints.

Resonate and CommandLayer payment-receipt patches

Two fresh PRs target the same launch-risk class from different angles: x402 402 challenges should not be cached, and paid-action receipt/error responses should not be cached. Both patches include focused local tests.

AWS AgentCore payment lifecycle re-check

An AgentCore Pay for Data sample was updated after a public lifecycle note. The re-check confirms host-side catalog sync no longer requires payment-session environment variables.

UCP Go SDK origin-safe CORS patch

A Universal Commerce Protocol server middleware PR adds Vary: Origin when allowed origins are reflected, so shared caches do not reuse another agent or platform origin's CORS policy. Full Go tests pass.

Official UCP example validation cleanup

An official Universal Commerce Protocol PR makes the lightweight example-validation test harness report missing optional ucp-schema coverage as skipped instead of failed, matching the test contract.

Agentic Commerce Protocol delegate-auth schema patch

An official ACP PR fixes result-bearing delegate-authentication examples that were rejected by schema composition, then maps delegate-auth and feed examples into the consistency validator.

NVIDIA Retail Agentic Commerce UCP A2A alignment

A NVIDIA AI Blueprint PR aligns the architecture, PRD, feature summary, and agent guide with the implemented UCP A2A checkout transport after REST checkout routes were removed.

mppx x402 exact resource-binding re-check

After a public source-readback note, mppx added route-resource binding before facilitator verification. A local no-payment script confirmed cross-resource replay rejects with 402 while same-resource settlement proceeds.

Apify MCP task-mode x402 guard readback

An Apify MCP server PR now has a source-readback note on a task-mode path where a standby Actor can still reach a generic 402 task result before the new precise standby rejection runs.

x402trace Bazaar body-discovery guidance

The x402trace validator now has a PR keeping body-discovery failure remediation aligned with info.input, info.output, and schema instead of sending API-style services toward MCP-style name/description fields.

Fireblocks x402 payment-info preview patch

A Fireblocks x402 agent PR keeps the preview-only x402_get_payment_info tool from querying vault balances, so teams can inspect public 402 requirements before configuring Fireblocks signing credentials.

Shopify, Shopware, and ToolRouter public proof

High-signal public loops landed the same day: Shopify's UCP CLI merged a custom-header discovery fix, Shopware corrected UCP order-proof URLs away from localhost, Shopware added Google feed validator coverage, and ToolRouter's StableTravel x402 PR merged after wrapper tests passed.

What this proves for agentic commerce teams

When agents buy, call paid APIs, or pass through Universal Cart/UCP-style checkout, the launch risk is practical: challenge readability, retry headers, cache behavior, payee/resource binding, receipt shape, amount caps, and post-payment reconciliation.

tools402 seller endpoint

Tate Programs is now listed in the tools402 public catalog with a $0.01 proxy-mode readiness snapshot. No-payment calls return a valid 402 challenge, and the upstream stays probe-safe for marketplace health checks.

Universal Cart / UCP public sample

The free checker now has a captured Allbirds sample report: UCP profile, agent docs, MCP endpoint behavior, agentic sitemap, product/policy schema gaps, and the exact line between public discovery and private checkout proof.

External acknowledgement loop

May 16-20 updates turned the proof trail from one-way public notes into a public builder-response loop: patches landed, credited fixes shipped, follow-up checks closed gaps, and fresh PRs received no-payment launch reviews while the surfaces were still being shaped.

May 20-21 patch loops

Same-day checks closed the loop on provider fixes and live PRs: Blocksize closed resource, browser-readability, exposed-header, and no-store notes; Carbon Cashmere shipped a flat 177-endpoint manifest; Nevermined's Python Visa/x402 mirror exposed a provider-type regression in CI; and Dynamic's auto-fund path got a spend-control review before merge.

Tate Programs Bazaar discovery

The live paid endpoints were patched so Agentic Market's seller validator accepts the Bazaar discovery metadata. Triage, index watch, skill trust, and A2A all now parse cleanly and enter discovery processing.

DCP auto-approved spend accounting

A desktop payment protocol PR fixed auto-approved spend accounting for sign_x402 and /v1/vault/sign. The merged patch now debits daily budgets, covers repeated under-threshold spend, and keeps the internal ledger hidden from user-facing agent lists.

MetaMask ERC-7710 x402 package

A high-brand wallet/account-abstraction PR passed local tests, lint, and build, then merged. The review isolated a default-path integration bug where the ERC-7710 wrapper could publish unchanged Base USDC requirements without assetTransferMethod: "erc7710" or facilitator addresses.

LogicNodes Bazaar catalog

The live Coinbase x402 PR showed 256 Bazaar-discoverable resources and FastAPI-style nested 402 challenge bodies. A same-day pass added scanner support for that shape and scoped remaining launch work to browser-readable CORS, preflight retry headers, cache policy, and discovery clarity.

Dynamic Agent Payments auto-fund

A wallet-infrastructure PR added Tempo MPP and Checkout auto-funding. The review isolated the commercial spend boundary: agent callers need hard per-call caps, strict network and asset selection, and tests for malicious high-amount or unsupported-network payment challenges.

Nevermined Visa x402 SDK

The Python Visa/x402 mirror added card-delegation support, but the e2e job showed a real parser regression: card-only provider typing rejected backend erc4337 rows before Stripe and Braintree flows could run.

Automattic x402-Pay hosted wallet

The Gravatar Wallet provider reintroduced a hosted-wallet payment row. The review isolated a replay-window mismatch: the provider hard-coded a 10-minute EIP-3009 authorization while the paywall advertises a 120-second payment timeout.

Automattic paid MCP upload hook

A fresh MPP hook PR had strong pre-upload safeguards. The public review isolated the post-S3 paid recovery boundary: if complete_upload fails after bytes are uploaded, agents need the same upload_id recovery path instead of restarting a paid begin_upload.

AgentLair identity and trust API

The public pass found a clean Base-mainnet x402 challenge on the trust-score lookup. The follow-up confirmed well-known discovery, no-store cache posture, browser preflight, and documented resource scope landed.

x402watch and KR Crypto

Fresh Coinbase ecosystem reviews split the signal correctly: KR Crypto's OpenAPI routes were clean, while x402watch had useful launch-polish notes around agent-facing OpenAPI scope, no-store policy, and well-known discovery.

TensorFeed premium routes

No-payment probes found parameter-required routes reaching validation before canonical payment challenges. Follow-up checks confirmed eleven routes moved behind clean x402 challenges, and TensorFeed called the checker "load-bearing" for catching audit gaps.

x402jp Japan data

Weather routes that previously returned 500 now return structured Base x402 challenges across the sampled manifest. Remaining notes were scoped to browser preflight and resource echo metadata.

MetEngine data agent

OpenAPI probes showed coherent Solana x402 challenges and payment-header alternatives. The public note isolated a browser preflight blocker to fix or document before distribution.

KR Crypto Intelligence

Initial probes found browser preflight and accept-resource gaps. Follow-up probes now show sampled paid routes returning clean x402 challenges with browser preflight and resource URLs aligned.

Vegacore document services

OpenAPI probes confirmed live x402 challenges for contract, invoice, document-compliance, and human-review services. The public note isolated a doc-compliance live-price mismatch and browser payment-header readiness gaps.

UZPROOF verify

Follow-up probes confirmed canonical Solana x402 pricing, browser payment headers, and an MPP `WWW-Authenticate: Payment` path on the paid verification route.

HYRE Agent

Live OpenAPI probes isolated a material 10x price drift. The provider moved to a single source of truth, and follow-up probes now show sampled prices matching live Solana 402 challenges.

anchor-x402

Browser preflight and actual 402 CORS are both fixed after the middleware-order patch. Follow-up probes now show sampled payment challenges are readable to browser agents.

Agent Trust Bench

Repeated no-payment review loops moved the adversarial payment bench to clean sampled checks, then the builder publicly validated the third clean pass before merge.

EconDash macro data

Follow-up probes confirmed free OpenAPI discovery, payment-header preflight, no-store policy, and resource echo are fixed. Actual 402 responses still need browser-readable CORS.

paysh-send private transfer

The transfer gate returns a structured Solana x402 challenge for valid no-payment samples. The review isolated browser preflight, resource binding, and no-store policy gaps before wallet-facing use.

Solrouter inference

The private LLM inference route and quote route returned structured Solana x402 challenges. The public note isolated HTTPS resource binding, price-copy alignment, and auth/session ordering as the highest-impact fixes.

Cryptorefills shopping

The Solana gift-card checkout manifest links into OpenAPI. Example-driven probes found free browse routes working, but the order example reached upstream stock handling before returning a 402 challenge.

Settle sandbox

The receipt-pinned devnet proxy returns structured x402 challenges with matching capability hashes for arxiv, translate, and summarize demos. The public note scoped remaining work to browser preflight and capability-discovery hygiene.

Nansen API

The Nansen follow-up confirmed sampled analytics routes still return structured x402 challenges, and the auth-only account route is no longer presented as a paid x402 surface.

Blocksize market data

VWAP, bid/ask, FX, and metals endpoints return coherent Solana mainnet x402 challenges. The latest re-check confirmed actual 402 responses now expose browser-readable payment headers and repeat the requested resource; sampled responses still need a visible no-store cache policy.

x402watch analytics

Paid ecosystem analytics endpoints return Base x402 challenges. OpenAPI metadata, resource echo, and POST preflight were fixed; actual 402 responses still need browser-readable CORS.

AlgoVoi compliance gate

The unsupported-network demo fixture and browser preflight were fixed. Follow-up checks now reach the intended `unsupported_network` verdict and allow the payment header set.

Tetrac market data

Ten sampled market-data routes returned coherent Solana x402 challenges at `$0.05`, while browser preflight did not allow the documented `x-x402-payment` header.

three.ws resources

The live `resources[]` catalog exposes ten paid routes with structured x402 challenges. The public note isolated drift between PAY.md, OpenAPI, and live discovery, plus third-party browser origin handling.

Top Ledger wallet data

Sampled wallet-intelligence routes returned coherent MPP payment challenges at `$0.0004`, while discovery endpoints were missing and browser preflight omitted CORS payment headers.

Purch marketplace

Search, shop, and vault discovery routes returned structured x402 challenges at the documented fixed prices. The public note scoped remaining work to HTTPS resource URLs, dynamic-buy ordering, and discovery.

Orion memecoin safety

Documented gateway routes returned MPP challenges before data. The public note isolated browser-readable 402 CORS, Solana-vs-Base rail metadata, discovery, and PAY.md route-scope alignment.

Boundary Guard x402

Sampled scan, health-probe, readiness, launch-pack, and receipt routes returned structured Solana/Base x402 challenges. Follow-up verification cleared resource binding, sidecar scope, and health-probe boundary notes.

Stratum macro data

Fresh May 16 checks found live macroeconomic data routes returning x402 challenges with visible Solana accept legs. The public note isolated broader OpenAPI scope and multi-rail listing clarity.

Mycelium Oasis

The direct clarity endpoint now returns canonical resource metadata, browser-readable 402 headers, and a clean OPTIONS preflight. The listing clearly separates testnet payment from mainnet audit anchoring.

PayAI provider set

Scoped checks found Xona's sampled creative routes returning coherent Solana x402 challenges. A 0.2.17 recheck showed BlockRun chat reaches 402, while search price, image examples, and browser clarity remain.

MoltyCash gigs

The pay-per-task gig route returns a structured x402 challenge before escrow funding, with browser-readable 402 headers and a visible Solana mainnet USDC accept leg. The public note narrowed cleanup to pricing-formula clarity and accept-level resource echo.

MEV Intelligence

A same-day Coinbase x402 listing received a no-payment pass across OpenAPI discovery, four paid Base routes, free preview routes, browser preflight, cache posture, and accept-resource binding.

Shipcheck CLI 0.4.9

Published npm scanner with MCP smoke-test proof checks, STDIO execution-boundary notes, remote-server auth-boundary notes, npm trusted-publishing checks, MCP registry version-drift checks, and payment-agent guardrails. The package self-scan reports clean before release.

Shipcheck MCP 0.1.12

Published MCP server package carrying the latest Shipcheck engine, with official registry metadata refreshed to the current version after npm publication.

Marketplace action

The public action repo now runs its own CI smoke test against a 100/100 fixture and validates SARIF output from the composite action.

MCP Registry Pulse

Daily aggregate snapshot of official MCP Registry launch signals: websites, package paths, remote paths, install config, safety notes, and smoke-test language.

Demo app scan

Shipcheck reports a debug API route, missing Supabase RLS proof, and missing paid API usage controls in a fixture app designed to mirror common launch mistakes.

MCP launch review

The site includes a fixed-scope MCP review offer and sample report for package metadata, registry readiness, install config, and tool-safety notes.

Exposure check

A same-day report format for auth, public data, client-side secrets, deploy config, database rules, and payment boundaries.