Releases: DzikPasnik/x402Guard

v0.1.0 — Non-Custodial x402 Safety Proxy for AI Agents

14 Mar 22:58

x402Guard v0.1.0

Non-custodial safety proxy for autonomous DeFi agents on Base (EVM) and Solana. Production-ready with 106 proxy tests + 13 Solana integration tests.

Install

npm install @x402guard/core

// Client for the x402Guard proxy; replace the placeholder agentId and apiKey with your own values.
import { X402GuardClient } from "@x402guard/core";

const client = new X402GuardClient({
  proxyUrl: "https://x402guard-production.up.railway.app",
  agentId: "your-agent-uuid",
  apiKey: "your-api-key",
});

Live demo: x402guard.dev/agent
Docs: x402guard.dev/docs


🚀 Features

  • x402 Payment Proxy: Rust (Tokio + Axum) proxy intercepting HTTP 402 payments with EIP-3009 verification
  • Guardrails Engine: 5 rule types — MaxSpendPerTx, MaxSpendPerDay, AllowedContracts, MaxLeverage, MaxSlippage
  • EIP-7702 Session Keys: Scoped, time-limited signing authority for agents on Base
  • Solana PDA Vault: Anchor program with per-owner vault, on-chain guardrails, program whitelist
  • Revoke System: Batch revocation and agent deactivation with immutable audit log
  • Dashboard: Next.js 16 app with SIWE wallet auth, agent CRUD, guardrail rules manager, session key manager, spend monitoring
  • AI Agent Demo: Live interactive demo at /agent with 7 proxy tools
  • Integration Plugins: ElizaOS, Virtuals Protocol, Cod3x, OpenClaw, @x402guard/core SDK
  • TypeScript SDK: 14-method client with Zod validation, pino logging, exponential retry

🔒 Security

  • 6 CRITICAL vulnerabilities found and fixed in security audit
  • Atomic daily spend tracking (TOCTOU race prevention)
  • API key middleware on all management routes (fail-closed)
  • Dashboard IDOR prevention with assertAgentOwnership()
  • RLS enabled on all 5 Supabase tables
  • Hardcoded USDC mint validation (devnet + mainnet)
  • Constant-time API key comparison
  • Reserve-then-forward pattern for all spend operations

🐛 Bug Fixes

  • PostgreSQL SUM(BIGINT) → NUMERIC cast fix
  • ScrollFloat CSS override removal for Tailwind compatibility
  • SIWE session persistence via @supabase/ssr cookies
  • Railway PORT binding for healthcheck compatibility
  • npm cross-platform lock file handling in CI

📚 Documentation

  • Comprehensive README with architecture, API reference, deployment guide
  • SECURITY.md with disclosure policy and security model
  • CONTRIBUTING.md with coding standards and PR workflow
  • Per-integration READMEs with runnable examples
  • SEO: JSON-LD schema, OG images, breadcrumbs, sitemap

🏗️ Infrastructure

  • GitHub Actions CI with Node.js 24, gitleaks, Solana Anchor builds
  • Railway deployment (Rust proxy, us-west2)
  • Vercel deployment (Next.js dashboard, x402guard.dev)
  • Supabase PostgreSQL + Upstash Redis
  • E2E tests with Playwright

Full changelog: https://github.com/DzikPasnik/x402Guard/commits/v0.1.0