Security by design. Audit-friendly by default.
No security through obscurity. The router that handles every payment is audit-friendly by design: diagrams, EIP-712 signature recovery, public test counts, and an Ed25519-signed event stream. Every settlement is on-chain at 0xD6E8…2878. Every operational event is Ed25519-signed and publicly verifiable. Sprint 14 ran five independent audits: three passed clean, two surfaced findings, and every finding is now closed.
Coinbase facilitators went silent for 25 days. We didn't.
In January 2026 the Coinbase CDP x402 facilitator was unreachable for 25 consecutive days. Marketplaces that depended on a single rail went dark with it. tools402 kept settling because we had a local-key signer active from day one.
Multiple x402 facilitators run in parallel on the chains we accept buyer payment on (Base, Polygon, and Solana), with sub-500 ms automatic failover. A local-key signer covers full external-facilitator outages. The router cycles by measured p95 latency, not by static priority, so we shift before users notice. Tier 2 EVM chains (Arbitrum, Optimism, Avalanche) appear on /v1/_health as settlement infrastructure but are not yet returned in 402 quotes.
Cycle on health check fail. No human in the loop.
The piece that keeps us alive during a facilitator outage is a proprietary routing engine: 105 tests, 100% coverage, battle-tested in production.
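The routing behaviour described above (rank rails by measured p95 latency rather than a static priority, cycle a rail out after failed checks without a human in the loop, fall back to a local-key signer when every external facilitator is down), as an added example. This is not the tools402 engine, which is proprietary and not shown on this page; the rail names, the 50-sample window, the failure budget of two, the 500 ms timeout and the simulated latencies are all assumptions and constructed fixtures, not tools402 measurements.

```typescript
// Added example, not the tools402 routing engine: a facilitator router that orders
// rails by measured p95 latency over a sliding window, retires a rail after repeated
// failures or timeouts, and falls back to a local-key signer.
// Rail names, window size, failure budget, timeout and latencies are assumptions.

// A rail either settles (returning a tx hash and the observed latency) or throws.
// In production this is an awaited HTTP call; latency is modelled as a return value
// here so the example is deterministic.
type SettleFn = (payload: string) => { tx: string; latencyMs: number };

interface Rail {
  name: string;
  settle: SettleFn;
  samplesMs: number[];        // sliding window of observed latencies
  consecutiveFailures: number;
  healthy: boolean;
}

const UNMEASURED = Number.MAX_SAFE_INTEGER; // rails with no samples sort last

export function p95(samples: number[]): number {
  if (samples.length === 0) return UNMEASURED;
  const sorted = [...samples].sort((a, b) => a - b);
  return sorted[Math.max(0, Math.ceil(0.95 * sorted.length) - 1)];
}

export class FacilitatorRouter {
  private rails: Rail[];
  private localSigner: SettleFn;
  private window: number;
  private maxFailures: number;
  private timeoutMs: number;

  constructor(rails: { name: string; settle: SettleFn }[], localSigner: SettleFn,
              opts = { window: 50, maxFailures: 2, timeoutMs: 500 }) {
    this.rails = rails.map(r => ({ ...r, samplesMs: [], consecutiveFailures: 0, healthy: true }));
    this.localSigner = localSigner;
    this.window = opts.window;
    this.maxFailures = opts.maxFailures;
    this.timeoutMs = opts.timeoutMs;
  }

  // Healthy rails ordered by measured p95, not by a static priority list.
  order(): string[] {
    return this.rails.filter(r => r.healthy)
      .sort((a, b) => p95(a.samplesMs) - p95(b.samplesMs))
      .map(r => r.name);
  }

  private recordSuccess(rail: Rail, ms: number): void {
    rail.samplesMs.push(ms);
    if (rail.samplesMs.length > this.window) rail.samplesMs.shift();
    rail.consecutiveFailures = 0;
  }

  private recordFailure(rail: Rail): void {
    // Cycled out after maxFailures consecutive failures; no human in the loop.
    if (++rail.consecutiveFailures >= this.maxFailures) rail.healthy = false;
  }

  settle(payload: string): { via: string; tx: string } {
    for (const name of this.order()) {
      const rail = this.rails.find(r => r.name === name)!;
      try {
        const { tx, latencyMs } = rail.settle(payload);
        if (latencyMs > this.timeoutMs) throw new Error(`${name} exceeded ${this.timeoutMs} ms`);
        this.recordSuccess(rail, latencyMs);
        return { via: name, tx };
      } catch {
        this.recordFailure(rail);   // try the next rail within the same request
      }
    }
    const { tx } = this.localSigner(payload);   // every external facilitator is down
    return { via: "local-signer", tx };
  }
}

// Constructed scenario: `cdp` is fast, then goes dark; `alt` is slower but stays up;
// the local signer never fails.
export function demo(): { via: string[]; order: string[] } {
  let cdpUp = true;
  const cdp: SettleFn = p => {
    if (!cdpUp) throw new Error("unreachable");
    return { tx: "0xcdp:" + p, latencyMs: 120 };
  };
  const alt: SettleFn = p => ({ tx: "0xalt:" + p, latencyMs: 310 });
  const local: SettleFn = p => ({ tx: "0xlocal:" + p, latencyMs: 40 });
  const router = new FacilitatorRouter([{ name: "cdp", settle: cdp }, { name: "alt", settle: alt }], local);
  const via: string[] = [];
  via.push(router.settle("pay-1").via);   // cdp: first measurement, p95 = 120
  cdpUp = false;
  via.push(router.settle("pay-2").via);   // cdp fails once, alt settles the same request
  via.push(router.settle("pay-3").via);   // cdp still ranks first by p95, fails again, retired
  via.push(router.settle("pay-4").via);   // only alt remains healthy
  return { via, order: router.order() };
}
```

Note that the retired rail is never re-admitted here; a production router needs a separate recovery probe (a health check that re-enables the rail after N successes), otherwise a transient blip removes a facilitator for good.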
Five audits ran in May 2026. All findings closed.
Sprint 14 dedicated 48 hours to a structured audit pass on the sell-side V1 stack. Three audits passed clean. Two surfaced findings, six in total, all closed in Sprints 16 and 17 at the time of writing.
[Diagram: 0xD6E8…2878 vs settlement; labels SETTLEMENT_PRIVATE_KEY, ledger.take_rate]
The two partial audits produced six concrete findings: autosuspend inline check under 1 s; EIP-3009 fast-path recordLedger; cache lag cut from 60 s to 10 s post-cron; SENTRY_DSN injection in prod; GIT_SHA injection at deploy; balance pre-batch alert. All six landed on the Sprint 16 backlog and are closed. The audit log entry for each is in /v1/_audit.
EIP-712 signatures. Ed25519 audit chain.
Quotes are signed. Every 402 quote is an EIP-712 typed-data structure (domain, primary type X402Quote, scheme exact, network base, amount, asset, payTo, expiry). The signer's address is recoverable from the signature (with viem, recoverTypedDataAddress over the same domain, types and message), so even if the response is intercepted and altered in transit, the buyer can check that the recovered address is tools402's published wallet before paying against payTo.
Mandates are signed. AP2 IntentMandates issued by /v1/agent/identity are EIP-712 typed data with chainId 8453 (Base). The verify endpoint returns a signature from which the signing address can be recovered and matched against tools402's wallet.
Audit events are signed. Every operational event in /v1/_audit carries an Ed25519 signature. The public key is published at /.well-known/audit-pubkey.pem. Pin it once (store the PEM, or the SHA-256 fingerprint of its DER encoding, out of band rather than re-fetching it on every check) and you can verify any event we publish at any future URL against the same key.
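Verifying the audit stream from the consumer's side, as an added example that is not tools402 code. The page does not specify the event encoding, so this block assumes a format: an event is a JSON object whose sig field is the base64 Ed25519 signature over the canonical JSON (sorted keys, no whitespace) of the remaining fields, and whose prev field is the hex SHA-256 of the previous event's canonical bytes, giving a hash chain that catches dropped or reordered events as well as edited ones. Field names, the canonicalisation and the fixture events are hypothetical; a throwaway key stands in for the key served at /.well-known/audit-pubkey.pem.

```typescript
// Added example, not tools402 code: verify Ed25519-signed audit events against a
// pinned public key and check the hash chain between consecutive events.
// Assumed (not from the page): `sig` = base64 Ed25519 signature over canonical JSON
// of all other fields; `prev` = hex SHA-256 of the previous event's canonical bytes.
import { createHash, createPublicKey, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

export interface AuditEvent {
  seq: number;
  ts: string;
  kind: string;
  prev: string;
  sig?: string;
  [field: string]: unknown;
}

const GENESIS_PREV = "0".repeat(64);

// Deterministic bytes to sign: sorted keys, no whitespace, `sig` excluded.
export function canonical(ev: AuditEvent): Buffer {
  const fields: Record<string, unknown> = { ...ev };
  delete fields.sig;
  const sorted = Object.fromEntries(Object.keys(fields).sort().map(k => [k, fields[k]]));
  return Buffer.from(JSON.stringify(sorted), "utf8");
}

export function eventHash(ev: AuditEvent): string {
  return createHash("sha256").update(canonical(ev)).digest("hex");
}

// Pin by fingerprint of the DER-encoded SPKI so a swapped PEM is caught even if it parses.
export function fingerprint(pub: KeyObject): string {
  const der = pub.export({ type: "spki", format: "der" }) as Buffer;
  return createHash("sha256").update(der).digest("hex");
}

export function verifyEvent(ev: AuditEvent, pinnedPub: KeyObject): boolean {
  if (typeof ev.sig !== "string") return false;
  return verify(null, canonical(ev), pinnedPub, Buffer.from(ev.sig, "base64"));
}

// Every signature must verify, seq must be contiguous, and prev must chain to the prior event.
export function verifyChain(events: AuditEvent[], pinnedPub: KeyObject): { ok: boolean; failedAt: number } {
  let prev = GENESIS_PREV;
  for (let i = 0; i < events.length; i++) {
    const ev = events[i];
    if (ev.seq !== i || ev.prev !== prev || !verifyEvent(ev, pinnedPub)) return { ok: false, failedAt: i };
    prev = eventHash(ev);
  }
  return { ok: true, failedAt: -1 };
}

// Constructed fixture: a throwaway signer stands in for the publisher's key; the PEM it
// exports plays the role of /.well-known/audit-pubkey.pem. Event kinds are made up.
export function buildFixture(): { pem: string; events: AuditEvent[] } {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const pem = publicKey.export({ type: "spki", format: "pem" }) as string;
  const kinds = ["facilitator.failover", "settlement.recorded", "autosuspend.triggered"];
  const events: AuditEvent[] = [];
  let prev = GENESIS_PREV;
  kinds.forEach((kind, seq) => {
    const ev: AuditEvent = { seq, ts: `2026-05-0${seq + 1}T00:00:00Z`, kind, prev };
    ev.sig = sign(null, canonical(ev), privateKey).toString("base64");
    events.push(ev);
    prev = eventHash(ev);
  });
  return { pem, events };
}

export function demo() {
  const { pem, events } = buildFixture();
  const pinned = createPublicKey(pem);        // in practice: loaded once from disk, compared by fingerprint
  const tampered = events.map(e => ({ ...e }));
  tampered[1].kind = "settlement.skipped";     // payload edited, old signature kept
  const gap = [events[0], events[2]];          // an event silently dropped from the feed
  return {
    fingerprint: fingerprint(pinned),
    intact: verifyChain(events, pinned),
    tampered: verifyChain(tampered, pinned),
    gap: verifyChain(gap, pinned),
  };
}
```

The fingerprint is what to pin in the verifier's config: if a future fetch of audit-pubkey.pem yields a different fingerprint, treat it as a key rotation to be confirmed out of band, not as a new key to trust silently.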
22 metrics. 7 alert rules. Sliding window P99.
Sentry tracks 22 named metrics across error rates, payment latency, facilitator latency, sell-side settlement, AP2 mandate verification, and observability infrastructure. Seven alert rules fire on P99 sliding-window thresholds — not single-event spikes, which generate noise.
Stack components: Bun 1.3.13 + Hono runtime, viem for wallet ops, SQLite in WAL mode replicated by litestream to Cloudflare R2 (RPO 85 ms), Modal Firecracker microVMs for /v1/agent/sandbox, Pinecone serverless (us-east-1) for /v1/agent/memory, and Sentry for monitoring. The runtime, wallet and storage layers (Bun, Hono, viem, SQLite, litestream) are open source; the sandbox, vector memory and backup targets are managed services.
Lead-only-commit discipline: no commit ships to feat/sell-side-v2 without a Lead audit. 968+ tests pass on every commit. Zero rollbacks in 25 commits this week.
Report a vulnerability.
How to reach us.
Found something that needs our attention? Email us directly. We acknowledge every report within 24 hours and triage it within 48. Critical issues are fixed and disclosed publicly within 7 days; low-severity ones get a CVE-style write-up in /changelog after the fix ships.
security@tools402.dev