v2.2.81-brand-asset-integration / free-no-spend-privacy-preflight

x402 metadata preflight.

Check x402 payment metadata before a buyer agent retries with payment, so resource URLs, descriptions, reason strings, and payload previews do not carry secrets or buyer-level private data.

Boundary: this page does not spend, retry, call paid upstream services, store raw metadata publicly, expose buyer-level data, or change the Base mainnet x402 rail.

Why this exists

Agent payment systems are adding budgets, approvals, observability, and x402 discovery. ApexScout adds a seller-side metadata privacy preflight while keeping spend buyer-controlled.

Privacy hardening source

Statuses

  • ready_to_send: no obvious issue
  • redact_before_payment: remove sensitive metadata first
  • stop: do not pay

Recommended buyer path

  • Generate a free /agent-spend-passport.
  • Preview /agent-revenue-audit-preview before using the $5 Agent Revenue Audit.
  • Run /api/x402-metadata-preflight/check on route, resource URL, payment description, reason string, and payload preview.
  • If the metadata preflight says stop, do not pay.
  • If it says redact_before_payment, use sanitizedMetadata before any buyer-controlled x402 retry.
  • Pay only when the buyer wallet, budget, route, and privacy status are approved.

Check API

POST /api/x402-metadata-preflight/check

{
  "route": "/api/opportunity-check",
  "resourceUrl": "https://agent-research-brief-api-production.up.railway.app/api/opportunity-check",
  "paymentDescription": "Cheapest x402 proof for a buyer agent.",
  "reason": "Run a light trust check without sensitive fields.",
  "payloadPreview": {
    "subject": "Example API",
    "goal": "Decide whether this is worth deeper review."
  },
  "source": "metadata-preflight-page"
}

Example result

{
  "status": "ready_to_send",
  "route": "/api/opportunity-check",
  "piiRisk": "low",
  "safeToSendWithoutRedaction": true,
  "sanitizedMetadataSafeToSend": true,
  "privacyCheck": {
    "piiRisk": "low",
    "safeToSend": true,
    "detectedCategories": [],
    "redactionsSuggested": [],
    "reason": "No obvious email, phone, full wallet address, API key, password, customer record, SSN, seed phrase, or private key pattern was detected."
  },
  "policyCheck": {
    "safeUse": true,
    "notSafeFor": [],
    "matchedTerms": [],
    "reason": "No unsafe advice, outreach, scraping, contact, posting, or third-party scanning request was detected in payment metadata."
  },
  "sanitizedMetadata": {
    "route": "/api/opportunity-check",
    "resourceUrl": "https://agent-research-brief-api-production.up.railway.app/api/opportunity-check",
    "paymentDescription": "Cheapest x402 proof for a buyer agent.",
    "reason": "Run a light trust check without sensitive fields.",
    "source": "metadata-preflight-page",
    "payloadPreviewSummary": {
      "type": "object",
      "keys": [
        "goal",
        "subject"
      ],
      "publicRawPayloadReturned": false
    }
  },
  "expectedSafeFlow": [
    "Generate a free Agent Spend Passport.",
    "Run this free metadata preflight on route, resource URL, description, reason, and payload preview.",
    "If status is stop, do not pay.",
    "If status is redact_before_payment, replace raw metadata with sanitizedMetadata before any paid retry.",
    "Only retry with x402 payment when buyer-side wallet approval and budget are explicit."
  ],
  "guardrails": [
    "No spend happens in this metadata preflight.",
    "No paid upstream call happens in this metadata preflight.",
    "Raw payload previews are not returned publicly.",
    "Do not send secrets, private customer data, private keys, seed phrases, passwords, SSNs, API keys, bearer tokens, or full wallet addresses.",
    "Do not use ApexScout for legal, tax, investment, lending, compliance, or trading advice.",
    "Do not use ApexScout to scrape, contact, post, DM, email, scan, or discover third parties."
  ]
}
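
The recommended buyer path above, as an added example that is not ApexScout's own code: a buyer-side gate that takes a parsed preflight response and returns the metadata allowed on an x402 retry, failing closed on stop, an unknown status, or a missing sanitizedMetadata. The function name, the approvals dict, the constructed sample data, and the requirement that the safe-to-send flags be true are assumptions of this example.

```python
# Added example: buyer-side gate over a preflight response (not ApexScout code).
KNOWN_STATUSES = {"ready_to_send", "redact_before_payment", "stop"}


def metadata_for_retry(raw, preflight, approvals):
    """Return the metadata to attach to an x402 retry, or None for "do not pay".

    raw       -- the metadata dict that was submitted to the preflight
    preflight -- parsed JSON body of the preflight response
    approvals -- hypothetical buyer-side dict: {"wallet", "budget", "route"} -> bool
    """
    if not isinstance(preflight, dict):
        return None                                  # malformed response: fail closed
    status = preflight.get("status")
    if status not in KNOWN_STATUSES or status == "stop":
        return None                                  # unknown status is treated as stop
    if not all(approvals.get(k) is True for k in ("wallet", "budget", "route")):
        return None                                  # spend stays buyer-controlled
    if preflight.get("route") != raw.get("route"):
        return None                                  # verdict is for a different route
    if status == "ready_to_send":
        # Assumption: require the explicit flag as well as the status string.
        return raw if preflight.get("safeToSendWithoutRedaction") is True else None
    # status == "redact_before_payment": never fall back to the raw metadata.
    sanitized = preflight.get("sanitizedMetadata")
    if not isinstance(sanitized, dict) or not sanitized:
        return None
    if preflight.get("sanitizedMetadataSafeToSend") is not True:
        return None                                  # assumption: flag must be true
    return sanitized


# Constructed sample data (not captured from the live service).
RAW = {"route": "/api/opportunity-check",
       "reason": "Check the listing for owner@example.test."}
REDACT = {"status": "redact_before_payment", "route": "/api/opportunity-check",
          "safeToSendWithoutRedaction": False, "sanitizedMetadataSafeToSend": True,
          "sanitizedMetadata": {"route": "/api/opportunity-check",
                                "reason": "[redacted]"}}
APPROVED = {"wallet": True, "budget": True, "route": True}

if __name__ == "__main__":
    print(metadata_for_retry(RAW, REDACT, APPROVED))                  # sanitized copy
    print(metadata_for_retry(RAW, {**REDACT, "status": "stop"}, APPROVED))
    print(metadata_for_retry(RAW, {"status": "ok"}, APPROVED))        # unknown status
```

A None return means the agent should not retry with payment; it should log the preflight status and surface it to whoever owns the budget.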

Guardrails