# Monarch for Stripe ACP / Bridge Stablecoin Flows Proof Pack

# Scenario: Agentic checkout plus stablecoin settlement is blocked until Monarch runs before checkout completion.

## Unsafe Stripe ACP / Bridge stablecoin project fails Doctor

```console
$ node packages/x402/src/cli.js doctor --root examples/stripe-bridge-stablecoin-proof-pack/unsafe --ci --strict
```

```json
{
  "tool": "monarch-doctor",
  "status": "failed",
  "ready": false,
  "applicable": true,
  "root": "examples/stripe-bridge-stablecoin-proof-pack/unsafe",
  "strict": true,
  "summary": "Money-moving code is not ready. Patch the reported payment files before go-live.",
  "checks": [
    { "id": "payment_flow_scanned", "passed": true, "message": "Payment flow detected." },
    { "id": "monarch_before_payment", "passed": false, "message": "One or more payment files lack a Monarch check before payment." },
    { "id": "sandbox_passed", "passed": true, "message": "Sandbox scenarios passed." }
  ],
  "unprotectedPaymentFiles": [ "agentic-checkout-stablecoin.js" ],
  "findings": [
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "pay-to wallet handling found", "rails": [ "wallet" ], "ruleId": "monarch.payment.pay-to-wallet-handling-found", "location": { "startLine": 19, "startColumn": 88 } },
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "stablecoin payment handling found", "rails": [ "stablecoin" ], "ruleId": "monarch.payment.stablecoin-payment-handling-found", "location": { "startLine": 11, "startColumn": 10 } },
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "Stripe payment processor handling found", "rails": [ "stripe" ], "ruleId": "monarch.payment.stripe-payment-processor-handling-found", "location": { "startLine": 1, "startColumn": 10 } },
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "Agentic commerce or Bridge stablecoin payment handling found", "rails": [ "stripe", "stablecoin" ], "ruleId": "monarch.payment.agentic-commerce-or-bridge-stablecoin-payment-handling-found", "location": { "startLine": 11, "startColumn": 10 } }
  ],
  "sandbox": [
    { "id": "missing-prepayment-check", "title": "Payment flow has no pre-payment trust check", "expected": "block", "actual": "block", "passed": true, "reason": "Monarch is not called before payment." },
    { "id": "verified-low-risk", "title": "Verified endpoint, low risk", "expected": "allow", "actual": "allow", "passed": true, "reason": "Endpoint ownership, pay-to wallet, and delivery reliability are acceptable for sandbox use." },
    { "id": "unknown-wrapper", "title": "Unknown wrapper", "expected": "caution", "actual": "caution", "passed": true, "reason": "The endpoint may be a wrapper and provider authorization is not visible." },
    { "id": "changed-pay-to-wallet", "title": "Changed pay-to wallet", "expected": "block", "actual": "block", "passed": true, "reason": "The endpoint recently changed its payment destination." },
    { "id": "failed-delivery", "title": "Endpoint accepts payment but fails delivery", "expected": "caution", "actual": "caution", "passed": true, "reason": "Recent paid calls did not consistently return usable responses." },
    { "id": "verified-alternative", "title": "Risky endpoint with verified alternative", "expected": "route", "actual": "route", "passed": true, "reason": "A lower-risk verified alternative can satisfy the same intent." }
  ],
  "recommendation": "Run `npx @monarch-shield/x402 sandbox`, then add `checkBeforePayment` before signing or sending funds."
}
```

## Patched Stripe ACP / Bridge stablecoin project passes Doctor

```console
$ node packages/x402/src/cli.js doctor --root examples/stripe-bridge-stablecoin-proof-pack/patched --ci --strict
```

```json
{
  "tool": "monarch-doctor",
  "status": "passed",
  "ready": true,
  "applicable": true,
  "root": "examples/stripe-bridge-stablecoin-proof-pack/patched",
  "strict": true,
  "summary": "Money-moving code has a Monarch check in payment files and sandbox scenarios passed.",
  "checks": [
    { "id": "payment_flow_scanned", "passed": true, "message": "Payment flow detected." },
    { "id": "monarch_before_payment", "passed": true, "message": "Monarch check reference detected in payment files." },
    { "id": "sandbox_passed", "passed": true, "message": "Sandbox scenarios passed." }
  ],
  "unprotectedPaymentFiles": [],
  "findings": [
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "pay-to wallet handling found", "rails": [ "wallet" ], "ruleId": "monarch.payment.pay-to-wallet-handling-found", "location": { "startLine": 42, "startColumn": 5 } },
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "stablecoin payment handling found", "rails": [ "stablecoin" ], "ruleId": "monarch.payment.stablecoin-payment-handling-found", "location": { "startLine": 13, "startColumn": 10 } },
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "Stripe payment processor handling found", "rails": [ "stripe" ], "ruleId": "monarch.payment.stripe-payment-processor-handling-found", "location": { "startLine": 3, "startColumn": 10 } },
    { "kind": "payment_flow", "file": "agentic-checkout-stablecoin.js", "message": "Agentic commerce or Bridge stablecoin payment handling found", "rails": [ "stripe", "stablecoin" ], "ruleId": "monarch.payment.agentic-commerce-or-bridge-stablecoin-payment-handling-found", "location": { "startLine": 13, "startColumn": 10 } },
    { "kind": "monarch_check", "file": "agentic-checkout-stablecoin.js", "message": "Monarch pre-payment guard detected before payment execution", "rails": [], "ruleId": "monarch.guard.check-before-payment", "location": { "startLine": 48, "startColumn": 10 } }
  ],
  "sandbox": [
    { "id": "missing-prepayment-check", "title": "Payment flow has no pre-payment trust check", "expected": "block", "actual": "block", "passed": true, "reason": "Monarch is not called before payment." },
    { "id": "verified-low-risk", "title": "Verified endpoint, low risk", "expected": "allow", "actual": "allow", "passed": true, "reason": "Endpoint ownership, pay-to wallet, and delivery reliability are acceptable for sandbox use." },
    { "id": "unknown-wrapper", "title": "Unknown wrapper", "expected": "caution", "actual": "caution", "passed": true, "reason": "The endpoint may be a wrapper and provider authorization is not visible." },
    { "id": "changed-pay-to-wallet", "title": "Changed pay-to wallet", "expected": "block", "actual": "block", "passed": true, "reason": "The endpoint recently changed its payment destination." },
    { "id": "failed-delivery", "title": "Endpoint accepts payment but fails delivery", "expected": "caution", "actual": "caution", "passed": true, "reason": "Recent paid calls did not consistently return usable responses." },
    { "id": "verified-alternative", "title": "Risky endpoint with verified alternative", "expected": "route", "actual": "route", "passed": true, "reason": "A lower-risk verified alternative can satisfy the same intent." }
  ],
  "recommendation": "No missing Monarch pre-payment check detected."
}
```

Note: the passing `monarch_before_payment` check is reported as a detected reference ("Monarch check reference detected in payment files"), with the guard located at line 48 and pay-to wallet handling at line 42. The output alone does not show that every payment path calls the check first; confirm that in code review or with a runtime test.

## Sandbox proves unsafe payment branches

```console
$ node packages/x402/src/cli.js sandbox
Monarch sandbox
- PASS missing-prepayment-check: expected block, got block
- PASS verified-low-risk: expected allow, got allow
- PASS unknown-wrapper: expected caution, got caution
- PASS changed-pay-to-wallet: expected block, got block
- PASS failed-delivery: expected caution, got caution
- PASS verified-alternative: expected route, got route
```

Note: the `sandbox` command is run here without `--root`, and the sandbox results embedded in the unsafe and patched Doctor outputs above are identical (including `sandbox_passed: true` for the unsafe project). These results therefore appear to describe Monarch's decision for each fixed scenario rather than the behavior of the scanned project.