v2.2.81-brand-asset-integration / zero-contact-inbound-only

Agent safety posture for ApexScout buyers.

Buyer-readable safety posture for ApexScout's owned x402 API surfaces, agent metadata, dashboard, and operator checks.

This is a no-spend trust surface. It does not make paid calls, create traffic, contact anyone, scrape, inspect third-party services, switch rails, change seller wallet, or expose buyer-level data.

Read JSON posture Open x402 onboarding Open MCP Tool Pack Open x402 proof

Production boundary

Rail	Base mainnet x402
Network	eip155:8453
First paid route	/api/opportunity-check at $0.01
Builder monetization route	/api/agent-revenue-audit at $5.00
Paid calls by this page	false
Paid upstream calls added	false
Settlement rail changed	false
Seller wallet changed	false

Controls

active

Owned-surface sandbox

This posture describes ApexScout-owned repo, routes, docs, dashboard, metadata, and operator reports only.

No security testing
No endpoint scanning
No third-party service inspection

active

Network boundary

ApexScout's public readiness checks stay on owned routes and official source references already chosen by the operator.

No broad external discovery
No scraping
No crawler or directory lookup from this surface

active

Approval boundary

Paid calls, deploy authorization, rail changes, seller wallet changes, and self-payment proofs remain explicit operator decisions.

No payment execution by this page
No automatic deploy authorization
No route-payment retries

active

Credential boundary

Public surfaces must not reveal CDP keys, full payment payloads, full wallet addresses, buyer prompts, or paid response contents.

No CDP keys
No full payment payloads
No full public wallet histories

active

Command boundary

ApexScout's agent-readable surfaces explain paid routes; they do not run outbound automation or contact workflows.

No posts
No DMs
No email
No manual message campaign
No destructive operator action

active

Audit boundary

Public metrics are aggregate-only. Operator packets record what was checked without exposing buyer-level records.

No buyer-level public data
No raw feedback exposure
No paid response body exposure

Guardrails

Inbound-only
Zero-contact mode
No scraping
No third-party discovery
No outreach automation
No manual messages, posts, DMs, or emails
No paid calls by this readiness surface
No paid upstream calls
No fake traffic, fake feedback, or fake paid completions
No buyer-level public data
No partner or endorsement claim is made
No investment, legal, tax, trading, or revenue guarantee advice

Buyer path

/agent-safety-posture
/x402-onboarding
/x402-proof
/buyer-agent-challenge
/mcp-tool-pack
/agent-payment-alpha
/api/opportunity-check
/api/agent-revenue-audit

Keep this posture live as the first trust check before buyer agents inspect x402 onboarding, MCP metadata, and paid route challenges.

Machine-readable posture

{
  "name": "ApexScout Agent Safety Posture",
  "version": "v2.2.81-brand-asset-integration",
  "mode": "zero-contact-inbound-only",
  "purpose": "Buyer-readable safety posture for ApexScout's owned x402 API surfaces, agent metadata, dashboard, and operator checks.",
  "liveService": "https://apexscout.ai",
  "sourceSignal": {
    "source": "OpenAI May 8 Codex safety update",
    "sourceUrl": "https://openai.com/index/running-codex-safely/",
    "appliedPrinciple": "ApexScout maps agent controls into an owned public posture: clear boundaries, approval gates, network limits, credential privacy, command rules, and audit-safe telemetry."
  },
  "controlScore": {
    "implemented": 6,
    "possible": 6,
    "status": "owned-safety-surface"
  },
  "productionBoundary": {
    "activeRail": "Base mainnet x402",
    "protocol": "x402",
    "network": "eip155:8453",
    "baseX402Active": true,
    "facilitator": "https://api.cdp.coinbase.com/platform/v2/x402",
    "firstPaidRoute": "/api/opportunity-check",
    "firstPaidRoutePrice": "$0.01",
    "firstPaidRouteAmountAtomicUnits": "10000",
    "builderMonetizationRoute": "/api/agent-revenue-audit",
    "builderMonetizationRoutePrice": "$5.00",
    "builderMonetizationRouteAmountAtomicUnits": "5000000",
    "paidCallsMadeByThisPage": false,
    "paidUpstreamCallsAdded": false,
    "settlementRailChanged": false,
    "sellerWalletChanged": false,
    "automaticBuyerSpendingAdded": false
  },
  "controls": [
    {
      "id": "owned-surface-sandbox",
      "label": "Owned-surface sandbox",
      "status": "active",
      "buyerMeaning": "This posture describes ApexScout-owned repo, routes, docs, dashboard, metadata, and operator reports only.",
      "blockedActions": [
        "No security testing",
        "No endpoint scanning",
        "No third-party service inspection"
      ]
    },
    {
      "id": "network-boundary",
      "label": "Network boundary",
      "status": "active",
      "buyerMeaning": "ApexScout's public readiness checks stay on owned routes and official source references already chosen by the operator.",
      "blockedActions": [
        "No broad external discovery",
        "No scraping",
        "No crawler or directory lookup from this surface"
      ]
    },
    {
      "id": "approval-boundary",
      "label": "Approval boundary",
      "status": "active",
      "buyerMeaning": "Paid calls, deploy authorization, rail changes, seller wallet changes, and self-payment proofs remain explicit operator decisions.",
      "blockedActions": [
        "No payment execution by this page",
        "No automatic deploy authorization",
        "No route-payment retries"
      ]
    },
    {
      "id": "credential-boundary",
      "label": "Credential boundary",
      "status": "active",
      "buyerMeaning": "Public surfaces must not reveal CDP keys, full payment payloads, full wallet addresses, buyer prompts, or paid response contents.",
      "blockedActions": [
        "No CDP keys",
        "No full payment payloads",
        "No full public wallet histories"
      ]
    },
    {
      "id": "command-boundary",
      "label": "Command boundary",
      "status": "active",
      "buyerMeaning": "ApexScout's agent-readable surfaces explain paid routes; they do not run outbound automation or contact workflows.",
      "blockedActions": [
        "No posts",
        "No DMs",
        "No email",
        "No manual message campaign",
        "No destructive operator action"
      ]
    },
    {
      "id": "audit-boundary",
      "label": "Audit boundary",
      "status": "active",
      "buyerMeaning": "Public metrics are aggregate-only. Operator packets record what was checked without exposing buyer-level records.",
      "blockedActions": [
        "No buyer-level public data",
        "No raw feedback exposure",
        "No paid response body exposure"
      ]
    }
  ],
  "guardrails": [
    "Inbound-only",
    "Zero-contact mode",
    "No scraping",
    "No third-party discovery",
    "No outreach automation",
    "No manual messages, posts, DMs, or emails",
    "No paid calls by this readiness surface",
    "No paid upstream calls",
    "No fake traffic, fake feedback, or fake paid completions",
    "No buyer-level public data",
    "No partner or endorsement claim is made",
    "No investment, legal, tax, trading, or revenue guarantee advice"
  ],
  "privacy": {
    "publicMetrics": "aggregate-only",
    "aggregateOnly": true,
    "buyerLevelDataPublic": false,
    "buyerPromptsPublic": false,
    "paidResponsesPublic": false,
    "walletHistoriesPublic": false,
    "rawFeedbackPublic": false,
    "fullWalletAddressesPublic": false,
    "fullPaymentPayloadsPublic": false,
    "cdpKeysPublic": false
  },
  "recommendedBuyerPath": [
    "/agent-safety-posture",
    "/x402-onboarding",
    "/x402-proof",
    "/buyer-agent-challenge",
    "/mcp-tool-pack",
    "/agent-payment-alpha",
    "/api/opportunity-check",
    "/api/agent-revenue-audit"
  ],
  "links": {
    "page": "https://apexscout.ai/agent-safety-posture",
    "api": "https://apexscout.ai/api/agent-safety-posture",
    "status": "https://apexscout.ai/status",
    "dashboard": "https://apexscout.ai/dashboard",
    "dashboardApi": "https://apexscout.ai/api/dashboard",
    "cashRegister": "https://apexscout.ai/api/cash-register",
    "x402Onboarding": "https://apexscout.ai/x402-onboarding",
    "x402OnboardingApi": "https://apexscout.ai/api/x402-onboarding",
    "x402Proof": "https://apexscout.ai/x402-proof",
    "x402ProofApi": "https://apexscout.ai/api/x402-proof",
    "buyerAgentChallenge": "https://apexscout.ai/buyer-agent-challenge",
    "buyerAgentChallengeApi": "https://apexscout.ai/api/buyer-agent-challenge",
    "mcpToolPack": "https://apexscout.ai/mcp-tool-pack",
    "mcpToolPackApi": "https://apexscout.ai/api/mcp-tool-pack",
    "mcpManifest": "https://apexscout.ai/.well-known/mcp.json",
    "agentCoreGateway": "https://apexscout.ai/agentcore-gateway",
    "agentCoreOpenApi": "https://apexscout.ai/api/agentcore-openapi.json",
    "agentPaymentAlpha": "https://apexscout.ai/agent-payment-alpha",
    "docs": "https://apexscout.ai/docs.json",
    "publicAgent": "https://apexscout.ai/public-agent",
    "publicAgentApi": "https://apexscout.ai/api/public-agent",
    "sourceSignal": "https://openai.com/index/running-codex-safely/"
  },
  "whatThisDoesNotDo": [
    "Does not make a paid call",
    "Does not deploy production",
    "Does not inspect third-party services",
    "Does not contact anyone",
    "Does not scrape",
    "Does not switch settlement rails",
    "Does not change seller wallet",
    "Does not guarantee revenue"
  ],
  "nextRecommendedAction": "Keep this posture live as the first trust check before buyer agents inspect x402 onboarding, MCP metadata, and paid route challenges."
}