{ "company": "the402", "slug": "the402", "website": "https://the402.ai", "audit_date": "2026-04-07", "overall_score": 75, "tier": "Emerging", "tier_as_published": "E", "pillars": { "P1": { "name": "Signal Architecture", "score": 23, "max": 25 }, "P2": { "name": "Clarity Stack", "score": 18, "max": 25 }, "P3": { "name": "Trust Envelope", "score": 11, "max": 20 }, "P4": { "name": "Velocity Triggers", "score": 9, "max": 10 }, "P5": { "name": "Gravity Design", "score": 14, "max": 20 } }, "criteria": [ { "id": "P1-A", "pillar": "P1", "name": "Structured Data", "score": 4, "max": 5, "evidence": "Organization, WebSite (with SearchAction), and SoftwareApplication schemas confirmed on homepage via scrape. Missing Offer and AggregateRating schemas that would enable direct agent pricing inference and social proof evaluation." }, { "id": "P1-B", "pillar": "P1", "name": "Machine-Readable Pricing", "score": 5, "max": 5, "evidence": "OpenAPI 3.1.0 spec published at https://api.the402.ai/openapi.json. Per-endpoint pricing embedded in API docs (e.g., /v1/register costs $0.01, /v1/services/catalog is free, /v1/threads/:id/inquire costs $0.001). Service catalog API returns live pricing data per listing. Best-in-class for machine-readable pricing." }, { "id": "P1-C", "pillar": "P1", "name": "llms.txt / Agent Layer", "score": 5, "max": 5, "evidence": "/llms.txt confirmed present (referenced in robots.txt). /llms-full.txt confirmed at https://the402.ai/llms-full.txt with full API reference including all endpoints, parameters, and pricing. Purpose-built for LLM consumption." }, { "id": "P1-D", "pillar": "P1", "name": "API / MCP Availability", "score": 5, "max": 5, "evidence": "OpenAPI 3.1.0 spec, 31 MCP tools via @the402/mcp-server (npm), /.well-known/the402.json discovery manifest, REST API at https://api.the402.ai. Full agent card + spec + MCP server \u2014 the complete stack." }, { "id": "P1-E", "pillar": "P1", "name": "Discoverability (GEO)", "score": 4, "max": 5, "evidence": "robots.txt explicitly names and grants access to GPTBot, ChatGPT-User, ClaudeBot, Claude-Web, Google-Extended, PerplexityBot, Applebot-Extended, Bytespider, cohere-ai, Meta-ExternalAgent. Sitemap at https://the402.ai/sitemap-index.xml. Deducting 1 for limited AI search footprint as a newer platform." }, { "id": "P2-A", "pillar": "P2", "name": "Offer Completeness", "score": 5, "max": 5, "evidence": "Machine-parseable catalog at GET /v1/services/catalog returns all services with type, price, fulfillment speed, provider reputation, and escrow model. Full offer picture available from a single free API call. Textbook agent-native offer completeness." }, { "id": "P2-B", "pillar": "P2", "name": "Scope & Limits", "score": 4, "max": 5, "evidence": "Rate limits explicitly documented: 120 req/min for general /v1/* endpoints, 5/min for registration, 10/min for balance deposit, 3\u201310/min for auth. 429 responses include Retry-After header. Anti-gaming limits on referrals (10/day, $500/month cap). Minor deduction: no per-service or per-tier variation documented." }, { "id": "P2-C", "pillar": "P2", "name": "Substitution & Fallback Rules", "score": 1, "max": 5, "evidence": "No explicit substitution or fallback protocol for service unavailability documented. When a provider's webhook is unreachable (503), the error is surfaced to the agent but no alternative routing or fallback service is offered." }, { "id": "P2-D", "pillar": "P2", "name": "Conditional Logic Transparency", "score": 4, "max": 5, "evidence": "Payment conditions are machine-readable: human services require x402 (not balance), returning 400 if wrong method used. 402 response body includes \"How do I pay?\" guidance with provider reputation context. Payment-as-auth model explicit in /llms-full.txt. Subscription bypass for covered services documented. Minor deduction: edge cases (past_due state, retry behavior) documented in prose rather than structured format." }, { "id": "P2-E", "pillar": "P2", "name": "Semantic Precision", "score": 4, "max": 5, "evidence": "Precise throughout: price ranges per service category with exact dollar amounts ($0.001\u2013$1, $0.50\u2013$10, $25\u2013$1,000+), fulfillment times (< 5 sec, seconds\u2013minutes, hours\u2013days), 5% platform fee, 200ms settlement time, HMAC-SHA256 webhook signing, AES-256-GCM credential encryption. Occasional marketing phrase (\"open marketplace\") but non-obscuring." }, { "id": "P3-A", "pillar": "P3", "name": "Verifiable Performance", "score": 2, "max": 5, "evidence": "/health endpoint returns platform status. Provider reputation scores (0\u2013100) based on real job history provide service-level reliability signals. No public uptime status page or third-party verified SLA found. Settlement time self-reported at ~200ms. Score capped at 2 per evidence rule." }, { "id": "P3-B", "pillar": "P3", "name": "Scoped Permissions", "score": 3, "max": 5, "evidence": "Payment-as-auth model scopes each transaction to exactly the amount authorized (per EIP-3009 signed transfer). Pre-funded balance model uses API key. Escrow protects agents from non-delivery. No explicit time-bounded, action-count-bounded, or dollar-cap-bounded agent permission tokens \u2014 which would push to 5." }, { "id": "P3-C", "pillar": "P3", "name": "Audit Trail", "score": 4, "max": 5, "evidence": "Strong audit architecture: job_id correlation per transaction, request_id in all error responses, full thread history accessible via GET /v1/threads/:id, on-chain transaction hash returned in X-PAYMENT-RESPONSE header, HMAC-SHA256 signed webhooks with replay-attack protection (5-minute timestamp window). Machine-accessible via API. Deducting 1 because no dedicated agent-queryable \"my transactions\" history endpoint was found in docs." }, { "id": "P3-D", "pillar": "P3", "name": "Behavioral Consistency", "score": 2, "max": 5, "evidence": "API versioned at /v1/ (stable namespace). Webhook signature format stable and documented. Subscription retry behavior (3 attempts over 72h) documented. No version-controlled ToS, no stated notice period for pricing changes, no public changelog found. Early-stage platform." }, { "id": "P4-A", "pillar": "P4", "name": "Friction-Free Activation", "score": 5, "max": 5, "evidence": "No registration required for basic x402 purchases \u2014 any agent with a USDC wallet on Base can transact immediately. Optional registration is $0.01 (automated). MCP server installs in ~2 minutes from npm. Pre-funded balance path is ~5 minutes. No human gate, no approval process, no sales call." }, { "id": "P4-B", "pillar": "P4", "name": "Agent Decision Signals", "score": 4, "max": 5, "evidence": "Free catalog at GET /v1/services/catalog includes: price, service type, fulfillment speed, provider reputation score (0\u2013100), completion rate, confidence level, escrow model, category tags. Agents have strong programmatic signals for evaluation and selection. Deducting 1 because no explicit \"try before you buy\" free tier for paid services exists." }, { "id": "P5-A", "pillar": "P5", "name": "Integration Depth / Switching Cost", "score": 3, "max": 5, "evidence": "On-chain wallet identity creates persistent agent identity across sessions. Thread history and reputation are tied to wallet address \u2014 switching to a competitor means starting reputation from zero. 31 MCP tools create workflow integration depth. Switching cost is real but not yet deep enough for 4+." }, { "id": "P5-B", "pillar": "P5", "name": "Agent Memory / Personalization Layer", "score": 3, "max": 5, "evidence": "Thread-based conversation history persists across interactions and is API-queryable. Encrypted credentials stored in threads (AES-256-GCM). Reputation scores build per-wallet. No formal agent preference profile or recommendation layer documented." }, { "id": "P5-C", "pillar": "P5", "name": "Programmatic Renewal", "score": 5, "max": 5, "evidence": "Full subscription renewal infrastructure: agent-executable subscription API, auto-renewal cron (every 30 minutes), past_due state handling with 3 retry attempts over 72-hour grace period, then expiration with 403 response. Entire lifecycle machine-executable without human intervention." }, { "id": "P5-D", "pillar": "P5", "name": "Compounding Value Signal", "score": 3, "max": 5, "evidence": "Provider reputation scores compound from completed job history (real job-based multi-dimensional score). Agents can filter the catalog by reputation. Thread history builds context over time. No agent-facing \"your usage history improves your results\" value signal \u2014 compounding is on the provider side, not yet on the agent side." } ], "strongest_signals": [ { "title": "Best-in-class Signal Architecture (P1: 23/25)", "detail": "the402 has done nearly everything right at the infrastructure layer. /llms.txt, /llms-full.txt, OpenAPI 3.1.0 spec, /.well-known/the402.json, 31 MCP tools, and explicit AI crawler permissions in robots.txt. This is the most complete agent-facing signal stack found in any audit to date." }, { "title": "Zero-friction activation (P4-A: 5/5)", "detail": "No registration required to transact. $0.01 optional registration. MCP in 2 minutes. This removes the #1 barrier for agent adoption \u2014 human gates. An autonomous agent can go from discovery to first purchase without any human involvement." }, { "title": "Full subscription renewal lifecycle (P5-C: 5/5)", "detail": "Complete programmatic renewal API with auto-cron, past_due state, retry logic, and expiration handling. Most platforms require human involvement for subscription management. The402 is fully agent-executable." }, { "title": "Machine-readable catalog with live pricing (P2-A: 5/5)", "detail": "GET /v1/services/catalog returns structured service data including price, speed, escrow model, and provider reputation. This is the gold standard for offer completeness \u2014 an agent can evaluate and compare all available services in a single API call." } ], "critical_gaps": [ { "title": "No service substitution/fallback protocol (P2-C: 1/5)", "detail": "When a provider's webhook is unreachable or a service fails mid-execution, the agent receives an error but no documented alternative path. For autonomous agent workflows, unhandled service failure is a critical blocker. This is the single largest functional gap." }, { "title": "No public status page or verified uptime (P3-A: 2/5)", "detail": "Platform reliability claims are unverified. For an agent marketplace handling real USDC transactions, the absence of a public status page is a trust gap that will limit adoption by enterprise agent deployments." }, { "title": "No agent-scoped permission tokens (P3-B: 3/5)", "detail": "Payment-as-auth is elegant, but it provides no way for an agent orchestrator to grant a sub-agent bounded access (e.g., \"spend up to $5 on this task\"). Time-bounded, dollar-capped agent permission tokens would be a major unlock for multi-agent architectures." }, { "title": "No version-controlled terms or change policy (P3-D: 2/5)", "detail": "Pricing and terms could change without notice. For agents making long-running workflow decisions based on current pricing, undisclosed pricing changes create planning risk." } ], "priority_actions": [ { "action": "Publish a public status page", "points_gain": 3, "pillar": "P3", "effort": "Low" }, { "action": "Build a service substitution / fallback protocol", "points_gain": 4, "pillar": "P2", "effort": "Med" }, { "action": "Introduce agent permission tokens (spending caps)", "points_gain": 2, "pillar": "P3", "effort": "Med" }, { "action": "Add AggregateRating and Offer schema.org markup", "points_gain": 1, "pillar": "P1", "effort": "Low" }, { "action": "Publish a terms versioning and change notification system", "points_gain": 2, "pillar": "P3", "effort": "Low" } ], "executive_summary": "the402 is the most agent-native offer infrastructure found in any audit to date, scoring 75/100 (Emerging) \u2014 within striking distance of Agent-Ready. The platform's Signal Architecture is near-perfect: /llms.txt, /llms-full.txt, OpenAPI 3.1.0, /.well-known/the402.json, 31 MCP tools, and explicit AI crawler permissions in robots.txt represent a deliberate and sophisticated approach to agent discoverability. The platform's velocity triggers are best-in-class (9/10) \u2014 no friction, no human gates, $0.01 onboarding. The biggest gaps are in Trust Envelope: there is no public status page for an uptime-critical payments platform, no scoped agent permission tokens for multi-agent architectures, and no version-controlled terms. Closing those three gaps would push the402 to 85/100 (Agent-Ready) and position it as the reference implementation for what an agent-native offer infrastructure looks like.", "rubric_version": "v1-2026-04 (20 criteria, 100 raw points; P3-E Agent Registration added to rubric v2 in 2026-06, not scored in this audit)", "framework": "Agent Native Offers \u2014 The Agent Sale framework", "source_file": "2026-04-07 \u2014 the402 \u2014 Agent Native Offer Audit.md", "rank": 1 }