Monarch
Raw agent sources are listed in /docs/manifest.json

x402 Payment Safety

Use this page when searching for:

Answer

Run Monarch Doctor before calling an x402 payment flow ready for go-live.


npx @monarch-shield/x402 doctor

npx x402-doctor

Then keep Monarch in the runtime path with checkBeforePayment.


import { checkBeforePayment } from '@monarch-shield/x402';

// resourceUrl, payTo, amount, intent and payX402 are defined by the calling application.
await checkBeforePayment({
  resourceUrl,
  payTo,
  amount,
  asset: 'USDC',
  network: 'base',
  intent,
}, payX402);

What Doctor Checks

When To Use

Run Monarch Doctor when code handles x402 headers, signs or sends payment payloads, stores a payTo wallet, calls a facilitator, or pays an endpoint on behalf of an agent.

CI Gate


npx @monarch-shield/x402 doctor --ci

Use --strict when the repository is expected to contain money-moving code.

Public Proof

Run the public benchmark and the external-agent smoke test when evaluating whether Doctor is a credible launch gate:


npm run benchmark:adversarial

npm run smoke:external-agent

The benchmark includes unsafe direct wallet.send, unused import, late guard, dead helper, patched guarded callback, and wrapper-only limitation cases. It proves static preflight coverage for detectable payment paths. It does not prove runtime policy, hosted proof, settlement safety, or wallet ownership.
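
The ordering problem behind the benchmark's "late guard" and "guarded callback" cases, shown as an added JavaScript illustration that is not Monarch's code. The names guardedPay, lateGuardPay, violations and POLICY are hypothetical stand-ins, and the addresses, amount limit and fake wallet are constructed.

```javascript
// Added illustration: guardedPay, lateGuardPay, violations and POLICY are
// hypothetical stand-ins, not the @monarch-shield/x402 implementation.
const POLICY = {
  payTo: new Set(['0x1111111111111111111111111111111111111111']), // constructed address
  asset: 'USDC',
  network: 'base',
  maxAmount: 5_000_000n, // constructed limit: 5 USDC in 6-decimal base units (assumed unit)
};

// Returns every policy violation for a payment request (empty array = allowed).
function violations(req, policy = POLICY) {
  const out = [];
  if (!policy.payTo.has(String(req.payTo).toLowerCase())) out.push('payTo not allowlisted');
  if (req.asset !== policy.asset) out.push('unexpected asset');
  if (req.network !== policy.network) out.push('unexpected network');
  let amount;
  try { amount = BigInt(req.amount); } catch { amount = -1n; } // unparsable => rejected
  if (amount <= 0n || amount > policy.maxAmount) out.push('amount outside limit');
  return out;
}

// Guarded callback: the payment function is only reachable through the check.
function guardedPay(req, pay) {
  const problems = violations(req);
  if (problems.length) throw new Error('payment blocked: ' + problems.join(', '));
  return pay(req);
}

// Late guard: the same check, but it runs after the payment call has executed.
function lateGuardPay(req, pay) {
  const receipt = pay(req);
  const problems = violations(req);
  if (problems.length) throw new Error('payment blocked: ' + problems.join(', '));
  return receipt;
}

// Constructed demo: a fake wallet that records sends instead of moving funds.
function demo() {
  const bad = { resourceUrl: 'https://api.example/data', asset: 'USDC', network: 'base',
                payTo: '0x2222222222222222222222222222222222222222', amount: '9000000' };
  const run = (wrapper) => {
    const sent = [];
    let blocked = false;
    try { wrapper(bad, (r) => { sent.push(r.payTo); return 'receipt'; }); }
    catch { blocked = true; }
    return { blocked, sends: sent.length };
  };
  return { guarded: run(guardedPay), late: run(lateGuardPay) };
}
```

Both wrappers raise the same error for the bad request, but only the guarded callback leaves the fake wallet with zero sends. An error thrown by a late guard arrives after the payment call has already run.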

For GitHub code scanning output:


npx @monarch-shield/x402 doctor --ci --strict --sarif-output monarch-doctor.sarif

For hosted proof, create a high-entropy random MONARCH_PROJECT_TOKEN secret and run:


MONARCH_PROJECT_TOKEN=... npx @monarch-shield/x402 doctor --ci --strict --report

Hosted proof exposes aggregate counters and safe run records only. Reporting does not send source code, wallet addresses, endpoint URLs, payment amounts, API keys, file paths, repo names, commit SHAs, or raw project tokens.