# Monarch for Virtuals ACP Proof Pack
# Scenario: Virtuals ACP USDC escrow job funding is blocked until Monarch runs before escrow funding.

## Unsafe Virtuals ACP project fails Doctor
$ node packages/x402/src/cli.js doctor --root examples/virtuals-acp-proof-pack/unsafe --ci --strict
{
  "tool": "monarch-doctor",
  "status": "failed",
  "ready": false,
  "applicable": true,
  "root": "examples/virtuals-acp-proof-pack/unsafe",
  "strict": true,
  "summary": "Money-moving code is not ready. Patch the reported payment files before go-live.",
  "checks": [
    {
      "id": "payment_flow_scanned",
      "passed": true,
      "message": "Payment flow detected."
    },
    {
      "id": "monarch_before_payment",
      "passed": false,
      "message": "One or more payment files lack a Monarch check before payment."
    },
    {
      "id": "sandbox_passed",
      "passed": true,
      "message": "Sandbox scenarios passed."
    }
  ],
  "unprotectedPaymentFiles": [
    "acp-job-escrow.js"
  ],
  "findings": [
    {
      "kind": "payment_flow",
      "file": "acp-job-escrow.js",
      "message": "pay-to wallet handling found",
      "rails": [
        "wallet"
      ],
      "ruleId": "monarch.payment.pay-to-wallet-handling-found",
      "location": {
        "startLine": 18,
        "startColumn": 79
      }
    },
    {
      "kind": "payment_flow",
      "file": "acp-job-escrow.js",
      "message": "stablecoin payment handling found",
      "rails": [
        "stablecoin"
      ],
      "ruleId": "monarch.payment.stablecoin-payment-handling-found",
      "location": {
        "startLine": 2,
        "startColumn": 3
      }
    },
    {
      "kind": "payment_flow",
      "file": "acp-job-escrow.js",
      "message": "Virtuals ACP payment handling found",
      "rails": [
        "stablecoin",
        "wallet"
      ],
      "ruleId": "monarch.payment.virtuals-acp-payment-handling-found",
      "location": {
        "startLine": 7,
        "startColumn": 10
      }
    }
  ],
  "sandbox": [
    {
      "id": "missing-prepayment-check",
      "title": "Payment flow has no pre-payment trust check",
      "expected": "block",
      "actual": "block",
      "passed": true,
      "reason": "Monarch is not called before payment."
    },
    {
      "id": "verified-low-risk",
      "title": "Verified endpoint, low risk",
      "expected": "allow",
      "actual": "allow",
      "passed": true,
      "reason": "Endpoint ownership, pay-to wallet, and delivery reliability are acceptable for sandbox use."
    },
    {
      "id": "unknown-wrapper",
      "title": "Unknown wrapper",
      "expected": "caution",
      "actual": "caution",
      "passed": true,
      "reason": "The endpoint may be a wrapper and provider authorization is not visible."
    },
    {
      "id": "changed-pay-to-wallet",
      "title": "Changed pay-to wallet",
      "expected": "block",
      "actual": "block",
      "passed": true,
      "reason": "The endpoint recently changed its payment destination."
    },
    {
      "id": "failed-delivery",
      "title": "Endpoint accepts payment but fails delivery",
      "expected": "caution",
      "actual": "caution",
      "passed": true,
      "reason": "Recent paid calls did not consistently return usable responses."
    },
    {
      "id": "verified-alternative",
      "title": "Risky endpoint with verified alternative",
      "expected": "route",
      "actual": "route",
      "passed": true,
      "reason": "A lower-risk verified alternative can satisfy the same intent."
    }
  ],
  "recommendation": "Run `npx @monarch-shield/x402 sandbox`, then add `checkBeforePayment` before signing or sending funds."
}

## Patched Virtuals ACP project passes Doctor
$ node packages/x402/src/cli.js doctor --root examples/virtuals-acp-proof-pack/patched --ci --strict
{
  "tool": "monarch-doctor",
  "status": "passed",
  "ready": true,
  "applicable": true,
  "root": "examples/virtuals-acp-proof-pack/patched",
  "strict": true,
  "summary": "Money-moving code has a Monarch check in payment files and sandbox scenarios passed.",
  "checks": [
    {
      "id": "payment_flow_scanned",
      "passed": true,
      "message": "Payment flow detected."
    },
    {
      "id": "monarch_before_payment",
      "passed": true,
      "message": "Monarch check reference detected in payment files."
    },
    {
      "id": "sandbox_passed",
      "passed": true,
      "message": "Sandbox scenarios passed."
    }
  ],
  "unprotectedPaymentFiles": [],
  "findings": [
    {
      "kind": "payment_flow",
      "file": "acp-job-escrow.js",
      "message": "pay-to wallet handling found",
      "rails": [
        "wallet"
      ],
      "ruleId": "monarch.payment.pay-to-wallet-handling-found",
      "location": {
        "startLine": 25,
        "startColumn": 5
      }
    },
    {
      "kind": "payment_flow",
      "file": "acp-job-escrow.js",
      "message": "stablecoin payment handling found",
      "rails": [
        "stablecoin"
      ],
      "ruleId": "monarch.payment.stablecoin-payment-handling-found",
      "location": {
        "startLine": 4,
        "startColumn": 3
      }
    },
    {
      "kind": "payment_flow",
      "file": "acp-job-escrow.js",
      "message": "Virtuals ACP payment handling found",
      "rails": [
        "stablecoin",
        "wallet"
      ],
      "ruleId": "monarch.payment.virtuals-acp-payment-handling-found",
      "location": {
        "startLine": 9,
        "startColumn": 10
      }
    },
    {
      "kind": "monarch_check",
      "file": "acp-job-escrow.js",
      "message": "Monarch pre-payment guard detected before payment execution",
      "rails": [],
      "ruleId": "monarch.guard.check-before-payment",
      "location": {
        "startLine": 38,
        "startColumn": 10
      }
    }
  ],
  "sandbox": [
    {
      "id": "missing-prepayment-check",
      "title": "Payment flow has no pre-payment trust check",
      "expected": "block",
      "actual": "block",
      "passed": true,
      "reason": "Monarch is not called before payment."
    },
    {
      "id": "verified-low-risk",
      "title": "Verified endpoint, low risk",
      "expected": "allow",
      "actual": "allow",
      "passed": true,
      "reason": "Endpoint ownership, pay-to wallet, and delivery reliability are acceptable for sandbox use."
    },
    {
      "id": "unknown-wrapper",
      "title": "Unknown wrapper",
      "expected": "caution",
      "actual": "caution",
      "passed": true,
      "reason": "The endpoint may be a wrapper and provider authorization is not visible."
    },
    {
      "id": "changed-pay-to-wallet",
      "title": "Changed pay-to wallet",
      "expected": "block",
      "actual": "block",
      "passed": true,
      "reason": "The endpoint recently changed its payment destination."
    },
    {
      "id": "failed-delivery",
      "title": "Endpoint accepts payment but fails delivery",
      "expected": "caution",
      "actual": "caution",
      "passed": true,
      "reason": "Recent paid calls did not consistently return usable responses."
    },
    {
      "id": "verified-alternative",
      "title": "Risky endpoint with verified alternative",
      "expected": "route",
      "actual": "route",
      "passed": true,
      "reason": "A lower-risk verified alternative can satisfy the same intent."
    }
  ],
  "recommendation": "No missing Monarch pre-payment check detected."
}

## Sandbox proves unsafe payment branches
$ node packages/x402/src/cli.js sandbox
Monarch sandbox
- PASS missing-prepayment-check: expected block, got block
- PASS verified-low-risk: expected allow, got allow
- PASS unknown-wrapper: expected caution, got caution
- PASS changed-pay-to-wallet: expected block, got block
- PASS failed-delivery: expected caution, got caution
- PASS verified-alternative: expected route, got route