XVA-402

RISK INTELLIGENCE FOR THE AGENTIC ECONOMY

Every x402 payment carries hidden risk. XVA-402 is the first autonomous risk layer for x402 — an AI agent that scores counterparty risk, detects anomalies, and dynamically adjusts pricing before settlement. One line of middleware. Zero custody. Built on Solana.

Intercept

x402 Req (client → server) → XVA-402 (middleware) → Score (risk output)
  1. Middleware sits between x402 client and server — one line to integrate
  2. Intercepts the 402 handshake before settlement proceeds
  3. Zero latency — scoring runs in parallel with payment validation

Score

History (on-chain txns) → ML Model (risk engine) → 0.00–1.00 (composite)
  1. Queries on-chain — tx history, settle speed, failure rates, wallet age
  2. Behavioral model — velocity patterns, counterparty graph, anomaly signals
  3. Composite score — credit + velocity + anomaly → 0.00–1.00

Act

< 0.3: approve
0.3–0.6: reprice +bps
> 0.6: reject / escrow
  1. Low risk — approve, x402 settles normally
  2. Medium risk — auto-reprice, add basis points to compensate
  3. High risk — reject outright or route to escrow
Sentinel
Credit Scoring Agent

Real-time credit scoring for AI agents and API endpoints. Analyzes on-chain transaction history, settlement speed, failure rates, and wallet behavioral patterns to produce a composite risk profile.

Credit Risk · Behavioral ML · On-chain Data
Watcher
Anomaly Detection Agent

Monitors payment patterns across the x402 network. Detects velocity spikes, unusual drain patterns, suspicious payment loops, and potential sybil attacks in real-time before settlement.

Pattern Detection · Sybil Defense · Real-time Alerts
Adjuster
Dynamic Pricing Agent

Auto-adjusts fee pricing based on real-time risk assessment. Risky counterparties pay higher fees, trusted agents get lower rates. Protects LPs and service providers without manual intervention.

Dynamic Fees · Auto-reprice · LP Protection
Oracle
On-chain Risk Registry

On-chain registry of agent reputation scores. Other protocols query XVA-402 as a risk oracle — composable, permissionless reputation layer for the entire agentic economy.

On-chain Registry · Composable · Risk Oracle
Request: x402 Payment
XVA-402: Risk Score
Fee: $0.001 USDC
Action: Approve / Reject

risk queries paid via x402 · no token required · USDC settlement on Solana

FREE TIER
$0, up to 1,000 queries/month
  Risk score: basic (0–1)
  Registry access: public
  Rate limit: 5 req/sec
  Support: community

PAY-PER-USE
$0.001 per risk query (USDC via x402)
  Risk score: full breakdown
  Anomaly detection: included
  Dynamic repricing: included
  Webhook alerts: included
  Rate limit: 100 req/sec

ENTERPRISE
Custom, dedicated infrastructure
  Private models: custom
  Thresholds: configurable
  Throughput: unlimited
  SLA: guaranteed
  White-label: available

Client Layer: AI Agents / dApps / APIs
↓ x402 request ↓
XVA-402 Middleware: Intercept → Score → Act
  Sentinel: Credit Scoring
  Watcher: Anomaly Detection
  Adjuster: Dynamic Pricing
  Oracle: Risk Registry
Data Layer: On-chain History
ML Layer: Risk Models
Registry: Agent Reputation
↓ settlement ↓
Settlement Layer: Solana — USDC / SPL Tokens

defense-in-depth: 4 layers around every risk query

  1. encrypted transit (TLS 1.3)
  2. rate limiting (per-agent caps)
  3. model validation (versioned + auditable)
  4. fail-safe passthrough

Zero Custody

XVA-402 never holds or moves funds. Read-only access to transaction data. Non-custodial by design — no smart contract risk.

Verifiable Scores

Every risk score anchored to on-chain data. Inputs auditable, models versioned, score history published to on-chain registry.

Rate Limiting

Per-agent query caps prevent abuse. Exponential backoff on suspicious query patterns. DDoS protection at infrastructure level.

Model Transparency

Risk model weights and feature importance published. No black box — every score explained down to contributing factors.

Fail-Safe Default

If XVA-402 is unreachable, the default is pass-through. x402 payments proceed normally. No single point of failure.

Ephemeral Data

No persistent storage of payment details. Risk queries are ephemeral. All API communication over TLS 1.3.

Stateless middleware. Sub-200ms inference. On-chain data indexed via Helius DAS. ML models served via edge functions. Registry writes use Solana's native program infrastructure. Here's the risk scoring mechanism.

xva-402 risk engine
$ xva risk-score --agent 7xK..mPq --amount 0.5 USDC
// querying on-chain history + behavioral model...
 
agent_id:       7xK..mPq
tx_count:       847
defaults:       0
avg_settle:     1.2s
credit_risk:    0.08
velocity_risk:  0.03
anomaly_risk:   0.01
composite:      0.12 (low)
action:         APPROVE
 
$ xva risk-score --agent 3bR..vZn --amount 50 USDC
// querying on-chain history + behavioral model...
 
agent_id:       3bR..vZn
tx_count:       12
defaults:       3
avg_settle:     14.8s
credit_risk:    0.42
velocity_risk:  0.21
anomaly_risk:   0.15
composite:      0.78 (high)
anomaly_flag:   VELOCITY_SPIKE
action:         REJECT — fee_override: +250bps

XVA-402 is the risk infrastructure layer for x402. As autonomous AI agents begin transacting at scale via HTTP-native payments, the need for real-time counterparty risk assessment becomes critical. XVA-402 fills this gap — providing credit scoring, anomaly detection, and dynamic pricing for every x402 transaction on Solana.

Risk Scoring Latency: <200ms
Per Risk Query: $0.001
Funds Held (Non-custodial): 0
Fail-safe (Pass-through)

The Problem

x402 enables frictionless payments between agents, but trust is assumed. There is no native mechanism to assess whether a counterparty is reliable, solvent, or behaving anomalously. A single malicious agent can drain funds from an API provider before anyone notices. Current x402 implementations settle first, ask questions never.

The Solution

XVA-402 intercepts x402 payment handshakes and produces a real-time risk score before settlement. The score is derived from on-chain transaction history, behavioral pattern analysis, and anomaly detection. Based on the score, XVA-402 autonomously approves, rejects, or reprices the transaction — protecting both parties.

Risk Model

Composite risk score (0.00–1.00) computed from three dimensions: credit risk (tx history, default rate, wallet age, settlement speed), velocity risk (transaction frequency, volume spikes, time-of-day patterns), and anomaly risk (deviation from baseline behavior, sybil indicators, counterparty graph analysis). Each dimension weighted per pool/endpoint configuration.
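
The scoring and action rules described above, as an added example that is not code from the XVA-402 SDK: it combines the three dimensions into a composite, applies the < 0.3 / 0.3–0.6 / > 0.6 bands, and takes the pass-through path when the risk query fails or returns an unusable score. The names `composite` and `decide`, the unit weights, and the reading of `maxFeeBps` as a cap on the total fee are assumptions.

```javascript
// Added example. composite() and decide() are hypothetical helpers,
// not functions exported by @xva402/middleware.
const config = {
  thresholds: { approve: 0.3, reprice: 0.6, reject: 0.6 }, // values from this page
  maxFeeBps: 500,
};

// Weighted sum of the three dimensions, clamped to 0.00-1.00.
// Unit weights are an assumption; they reproduce the CLI samples on this page.
function composite(b, w = { credit: 1, velocity: 1, anomaly: 1 }) {
  const sum = w.credit * b.credit_risk
            + w.velocity * b.velocity_risk
            + w.anomaly * b.anomaly_risk;
  return Math.round(Math.min(1, Math.max(0, sum)) * 100) / 100;
}

// status: HTTP status of the risk query (0 = timeout or unreachable).
// body: parsed JSON response or null.
// adjustmentBps: risk_adjustment_bps as returned by POST /v1/risk/reprice.
function decide(status, body, baseFeeBps, adjustmentBps = 0, cfg = config) {
  const score = body ? body.score : undefined;
  const valid = status === 200 && typeof score === "number"
             && score >= 0 && score <= 1;
  if (!valid) {
    // Fail-safe path: 5xx, timeouts and malformed scores all pass through.
    // scored:false lets the caller count and alert on unscored settlements.
    return { action: "PASSTHROUGH", scored: false, feeBps: baseFeeBps, status };
  }
  const t = cfg.thresholds;
  if (score < t.approve) {
    return { action: "APPROVE", scored: true, feeBps: baseFeeBps, score };
  }
  if (score > t.reject) {
    return { action: "REJECT", scored: true, feeBps: null, score };
  }
  // 0.3 and 0.6 themselves fall in the reprice band, matching "0.3–0.6".
  // Assumption: maxFeeBps caps the total fee, not only the adjustment.
  const feeBps = Math.min(baseFeeBps + Math.max(0, adjustmentBps), cfg.maxFeeBps);
  return { action: "REPRICE", scored: true, feeBps, score };
}
```

Because pass-through approves without a score, `scored` is the field to count in monitoring: a sustained rise in unscored settlements means the risk layer is not being applied.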

Agent Architecture

Four autonomous agents operate in concert: Sentinel (credit scoring), Watcher (anomaly detection), Adjuster (dynamic fee pricing), and Oracle (on-chain reputation registry). Each agent can operate independently or be composed into a full risk pipeline. Agents communicate via shared state on Solana program accounts.

Economics

XVA-402 charges $0.001 USDC per risk query, paid via x402 itself — making it the first risk protocol that dogfoods its own payment rail. Free tier: 1,000 queries/month. No token required for usage. Revenue model is pure utility: more x402 adoption = more risk queries = more revenue. Protocol treasury funded by query fees. Enterprise tier available for dedicated infrastructure with custom risk models and SLA guarantees.

Security Model

Zero custody — XVA-402 never holds, moves, or has authority over user funds. Read-only on-chain data access. Every risk score is verifiable against on-chain inputs. Fail-safe default: if XVA-402 is unreachable, x402 payments pass through unblocked. No single point of failure. All queries ephemeral — no persistent storage of payment details. TLS 1.3 encrypted transit.

Roadmap

V1 (Now): Middleware SDK, basic risk scoring, public agent registry, pay-per-use pricing.
V2: ML model upgrades (gradient boosted trees → neural), cross-chain risk scores (Base, Arbitrum), webhook alert system.
V3: Decentralized risk oracle network, on-chain governance for model parameters, multi-token collateral risk assessment.

GET /v1/risk/score
Get risk score for an agent

Parameters
  agent_id: Solana public key of the agent wallet
  amount: Transaction amount (e.g. "0.5")
  token: Token mint address or symbol (default: USDC)
  detail: Return full breakdown (true/false, default: false)

Response
{
  "agent_id": "7xK..mPq",
  "score": 0.12,
  "action": "APPROVE",
  "breakdown": {
    "credit_risk": 0.08,
    "velocity_risk": 0.03,
    "anomaly_risk": 0.01
  },
  "meta": {
    "tx_count": 847,
    "defaults": 0,
    "avg_settle_ms": 1200,
    "wallet_age_days": 142
  },
  "timestamp": 1710720000
}

GET /v1/risk/anomaly
Check for anomaly flags on an agent

Parameters
  agent_id: Solana public key of the agent wallet
  window: Lookback window in minutes (default: 60)

Response
{
  "agent_id": "3bR..vZn",
  "flags": [ "VELOCITY_SPIKE", "NEW_WALLET" ],
  "severity": "high",
  "details": {
    "tx_last_hour": 48,
    "baseline_avg": 3,
    "deviation": "16x"
  }
}

POST /v1/risk/reprice
Get adjusted fee for a risky transaction

Request Body
{
  "agent_id": "3bR..vZn",
  "base_fee_bps": 30,
  "amount": "50",
  "token": "USDC"
}

Response
{
  "agent_id": "3bR..vZn",
  "base_fee_bps": 30,
  "risk_adjustment_bps": 250,
  "total_fee_bps": 280,
  "reason": "high_risk_counterparty",
  "score": 0.78
}

GET /v1/registry/{agent_id}
Query the on-chain agent reputation registry

Parameters
  agent_id: Solana public key of the agent wallet

Response
{
  "agent_id": "7xK..mPq",
  "reputation": "trusted",
  "lifetime_score": 0.09,
  "total_txns": 847,
  "total_volume_usdc": 12450.80,
  "default_rate": 0.0,
  "first_seen": "2025-10-14",
  "on_chain": "true"
}

Status Codes

200: Success — risk score returned
402: Payment Required — send USDC via x402 to access
404: Agent not found in registry
429: Rate limit exceeded — back off and retry
500: Internal error — fail-safe: payments pass through
503: Service unavailable — fail-safe: payments pass through

Step 1: Install · Step 2: Configure · Step 3: Add Middleware · Step 4: Test · Step 5: Deploy

Install the SDK
~30 seconds

Install the XVA-402 middleware package. Works with any Node.js/Express x402 server.

$ npm install @xva402/middleware
Requirements: Node.js 18+, existing x402 server setup (e.g. x402-express or custom implementation).
Configure risk thresholds
~1 minute

Create a config file or pass options inline. Define what happens at each risk level.

// xva.config.js
export default {
  apiKey: process.env.XVA_API_KEY,
  thresholds: {
    approve: 0.3,   // score < 0.3 → approve
    reprice: 0.6,   // score 0.3–0.6 → add bps
    reject: 0.6,    // score > 0.6 → reject
  },
  maxFeeBps: 500,          // cap repricing at 5%
  fallback: "passthrough", // if XVA unreachable
  network: "mainnet",
}
Add middleware to your x402 server
~1 minute

One line. The middleware intercepts x402 payment headers, scores the counterparty, and acts before your handler runs.

// server.js
import express from "express";
import { paymentMiddleware } from "x402-express";
import { xvaMiddleware } from "@xva402/middleware";
import config from "./xva.config.js";

const app = express();

// existing x402 payment middleware
app.use(paymentMiddleware({
  "GET /api/data": {
    price: "$0.01",
    network: "solana",
    token: "USDC",
  },
}));

// ← add XVA-402 risk layer (one line)
app.use(xvaMiddleware(config));

app.get("/api/data", (req, res) => {
  // req.xva contains the risk score
  console.log(req.xva.score);  // 0.12
  console.log(req.xva.action); // "APPROVE"
  res.json({ data: "your protected resource" });
});
That's it. The middleware handles everything: intercept, score, approve/reject/reprice. Your handler only runs if the transaction passes the risk check.
Test with the CLI
~1 minute

Use the XVA CLI to simulate risk queries against your server before going live.

$ npx @xva402/cli test --server http://localhost:3000
// simulating low-risk agent...
Agent 7xK..mPq → score: 0.12 → APPROVE (1.8ms)
// simulating high-risk agent...
Agent 3bR..vZn → score: 0.78 → REJECT (2.1ms)
// simulating medium-risk agent...
~ Agent 9fL..kWx → score: 0.44 → REPRICE +120bps (1.6ms)
All 3 scenarios passed. Ready to deploy.
Deploy
~30 seconds

Deploy your server. XVA-402 risk scoring is now live on every incoming x402 payment. Monitor via the dashboard or webhook alerts.

$ npm run deploy
Server live at https://your-api.com
XVA-402 middleware active
Risk scoring: enabled
Fail-safe: passthrough
Free tier: 847 / 1,000 queries remaining
Upgrade anytime. When you hit 1,000 queries/month, XVA-402 automatically switches to pay-per-use ($0.001/query via x402). No downtime, no config change.

Start Scoring Risk

Integrate XVA-402 into your x402 stack in one line. Free tier — no token required.