tate@programs ~/tools/x402-metadata-filter browser-only

x402 metadata filter / payment privacy

Before the agent pays, strip private context from the payment record.

x402 and Pay.sh make paid API calls easy for agents. This local checker looks for prompts, user identifiers, emails, phones, query tokens, wallet context, and secret-like strings in payment metadata before receipts, facilitators, providers, or public chains can see them.

privacy: local
input: JSON/text
output: safe metadata

rules

What the filter tries to remove.

prompt

Private task context

Full prompts, chat excerpts, support tickets, retrieval chunks, and internal notes should not become payment metadata.

pii

User identifiers

Email, phone, names, customer ids, account ids, and location strings should be replaced with compact purpose labels.

url

Resource URLs

URLs can carry query tokens, emails, session ids, and search terms. Keep the origin/path or a neutral resource label.

secret

Credentials

API keys, bearer tokens, JWTs, private keys, webhook secrets, and seed-like strings should never appear in receipts.
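
The four rules above (prompt, pii, url, secret) applied to a metadata object, as an added sketch that is not the tool's own code. The function names, regexes, replacement labels and the 80-character threshold are assumptions.

```javascript
// Added illustration, not the x402-metadata-filter source. Patterns, labels and
// the length threshold are assumptions; matching is broad so it fails closed.
const SECRET = [
  /\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}/,   // JWT-shaped: three base64url segments
  /\bBearer\s+[\w.~+\/-]{16,}/i,            // bearer token
  /-----BEGIN [A-Z ]*PRIVATE KEY-----/,     // PEM private key header
  /\b(?:[a-z]{3,8}\s+){11}[a-z]{3,8}\b/,    // 12 short lowercase words: seed-like
];
const EMAIL = /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/;
const PHONE = /\+?\d[\d\s().-]{7,}\d/;
const MAX_TEXT = 80; // longer or multi-line text is treated as task context

// Keep only origin + path: userinfo, query string and fragment are dropped.
function scrubUrl(value) {
  let u;
  try { u = new URL(value); } catch { return null; }
  return /^https?:$/.test(u.protocol) ? u.origin + u.pathname : null;
}
function classify(value) {
  if (SECRET.some((re) => re.test(value))) return "secret";
  if (EMAIL.test(value) || PHONE.test(value)) return "pii";
  if (value.length > MAX_TEXT || value.includes("\n")) return "prompt";
  return null;
}
// Returns a cleaned copy plus the list of fields that were changed and why.
function filterMetadata(meta, path = "", findings = []) {
  const safe = Array.isArray(meta) ? [] : {};
  for (const [key, raw] of Object.entries(meta)) {
    const where = path + key;
    if (raw && typeof raw === "object") {
      safe[key] = filterMetadata(raw, where + ".", findings).safe;
    } else if (typeof raw !== "string") {
      safe[key] = raw; // numbers, booleans and null pass through
    } else {
      const url = scrubUrl(raw);
      if (url !== null && url !== raw) findings.push({ key: where, rule: "url" });
      const rule = classify(url ?? raw); // a path can still carry an email or token
      if (rule) findings.push({ key: where, rule });
      safe[key] = rule ? `[${rule}-removed]` : (url ?? raw);
    }
  }
  return { safe, findings };
}

// Constructed sample metadata for a paid API call.
const sample = { purpose: "weather-lookup", payer: "alice@example.com",
  resource: "https://api.example.com/v1/forecast?q=home&session=abc123#frag",
  auth: "Bearer eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl" };
console.log(filterMetadata(sample));
```

The `findings` list names each changed field and the rule that fired, so a caller can log what was stripped without logging the stripped value.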