feat: trust anchoring, in-browser x402 checkout, funnel + positioning#7
Open
vinaybhosle wants to merge 3 commits into
Open
feat: trust anchoring, in-browser x402 checkout, funnel + positioning#7vinaybhosle wants to merge 3 commits into
vinaybhosle wants to merge 3 commits into
Conversation
Implements the four gaps from the 2026-06-23 strategic review. Lag 1 β externally-anchored trust signals (answers the self-report critique): - src/livenessProbe.js: independent endpoint liveness probe (30-min sweep), SSRF-hardened with connect-time IP pinning + no redirect-follow - reputation.js / trust.js: additive provenance + independent_signals on /trust/check (numeric score unchanged; backward compatible) - stamp.js /event: counterparty attestations (attestation_type, attester_wallet, monotonic sequence) with anti-spam dedupe + atomic transaction - DB migrations: agents.liveness_*, stamp_events attestation cols, liveness_checks Lag 2 β revenue funnel: - web/lib/payment.ts: in-browser x402 paid mint (viem + x402-fetch), Base auto-switch, per-tier USDC cap, never-fake-success, double-charge-on-retry guard - register/page.tsx: fixed pricing display ($0.001/$0.005/$0.01), clickable tiers - src/routes/funnel.js + web/lib/analytics.ts: cookieless funnel instrumentation Lag 3 β distribution: Partner/integrate CTA on footer + registry profiles Lag 4 β positioning: open-web wedge hero, enterprise contrast band, is/is-not band Also refreshes CLAUDE.md (security notes resolved), gitignores operational artifacts, and bundles pending branch doc/SEO edits. Backend unit tests 273/273; web build clean (35/35 pages).
β¦rop stale v2.3.0 - Hero pill: stale "v2.3.0 β ..." β durable highlights (ERC-8004 reputation layer, Ed25519 forensic audit, 3-line SDK) - Repurpose the "What's New in v2.3.0" block into a "Trust you can't fake" section surfacing the externally-anchored trust signals (self-reported vs verified, independent liveness, cryptographic wallet proof, counterparty attestation) β model-level copy, no "live API" claim (provenance API ships with the backend reload) - Remove now-unused Fingerprint import Deployed to agentstamp.org (build + pm2 restart agentstamp-web).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes the four gaps surfaced in the 2026-06-23 strategic review (trust intelligence: feature-complete but pre-revenue and self-referential).
Lag 1 β Externally-anchored trust signals (answers the core "self-report" critique)
src/livenessProbe.jsβ independent 30-min probe of each agent's declared endpoint. SSRF-hardened: connect-time IP pinning (defeats DNS-rebinding) viahttps+ pinnedlookup, no redirect-follow, status-only, 30-day retention.reputation.js/trust.jsβ additiveprovenance {self_reported, independently_verified, independent_pct}+independent_signalson/trust/check. Numeric score formula unchanged (backward compatible).stamp.js /eventβ counterparty attestations: a relying party can co-sign an outcome about another agent (attestation_type: counterparty_confirmed,attester_wallet, monotonicsequence), with 10-min anti-spam dedupe + atomic transaction. Self-report path unchanged.Lag 2 β Revenue funnel
web/lib/payment.tsβ in-browser x402 paid mint (viem + x402-fetch): Base chain auto-switch, per-tier USDC cap, never shows success without a backend 201, and blocks double-charge on retry.register/page.tsxβ fixed the pricing bug (all tiers showed$0.01β now$0.001 / $0.005 / $0.01), clickable tier badges.src/routes/funnel.js+web/lib/analytics.tsβ cookieless, PII-stripped funnel instrumentation (POST /funnel/event,GET /funnel/summary).Lag 3 β Distribution
mailto:vinay@agentstamp.org) on the footer + every registry profile.Lag 4 β Positioning
Verification
:4005(old code) and are gated by its rate limiter, so they reflect old behavior untilpm2 reload. The in-process unit suite is the authoritative signal.Test plan
pm2 reload agentstamp-backend(idempotent DB migrations auto-run on boot; liveness cron starts)pm2 reload agentstamp-web/trust/check/:walletreturnsprovenance+independent_signalsNotes
CLAUDE.md(stale "in progress" security notes β resolved) and adds.gitignorerules for operational artifacts.codex/agentstamp-audit-fixcommits (dependency/security audit fixes) and bundles some pending branch doc/SEO edits.π€ Generated with Claude Code