Changelog.

Platform and protocol release history.

Intelligence Layer Dashboard

March 26, 2026

Execution Intelligence — 6 New Dashboard Surfaces

The Intelligence Layer now has a full dashboard presence. Every request P402 routes, every trace it records, every dollar it saves, and every quality score it evaluates is now visible, navigable, and actionable — without leaving the dashboard.

Requests — paginated execution log with status, routing mode, actual cost, savings vs claude-sonnet-4-6 baseline, and one-click trace navigation; keyboard shortcuts: ↑↓ to select rows, ↵ to open trace, R to refresh
Traces — per-request execution graph showing every node (model, tool, retrieval, verify, settle, cache) with latency, cost, provider, and evaluation scores; task text and savings % shown in a hero block at the top
Savings — period analytics (7d / 30d / 90d) with a hero card showing total saved and % below claude-sonnet-4-6 baseline; daily bar chart, breakdown by routing mode, provider spend distribution
Evals — response quality evaluation log from verify nodes; per-eval scores for relevance, completeness, groundedness, and coherence; failed evals surface a direct fix path with a “Re-run with Planned” action
Knowledge — RAG source registry (URL, file, API, plain text) with trust levels, chunk counts, and add/remove controls; used by retrieve nodes in planned executions
Tools — registered tool catalog showing built-in and custom tools, parameter schemas, and execution history

Mission Control: Intelligence Summary

The main dashboard now shows a live Intelligence Layer summary: total requests this week, total dollars saved (with % vs baseline), and eval pass rate — each linking directly to its drill-down page. Data refreshes automatically every 30–60 seconds.

Powered by three new REST endpoints: GET /api/v1/requests, GET /api/v1/savings?period=7d, GET /api/v1/evals — each with pagination, filters, and aggregate stats
Savings computed server-side: baseline estimated from claude-sonnet-4-6 reference rate ($3/1M tokens) applied to task token count; actual cost vs baseline delta stored on execute_requests.baseline_cost at write time
DB: migration v2_034 adds baseline_cost to execute_requests and provider_id / model_id to execute_trace_nodes

Trace Enrichment — Single-Query JOIN

getTrace() now returns full enrichment in a single round trip: plan node labels, tool execution I/O, evaluation scores, and originating task text are all resolved server-side. No N+1 queries at the API layer.

Three LEFT JOINs added: execute_plan_nodes (label), tool_executions (I/O, latency, error), execute_evaluations (scores, pass/fail)
Trace detail page shows task text, cost savings %, provider, and model in a context hero block — the first thing visible before any node detail
Adaptive cost formatting: formatCost() renders 2 decimals ≥ $1, 4 decimals ≥ $0.01, 6 decimals below — no trailing noise at any scale

Escrow Toggle & A2A Idempotency

Two targeted hardening changes ship alongside the Intelligence Layer.

Escrow toggle in Settings — per-tenant control over auto-escrow on Bazaar tasks; when disabled, all tasks use direct x402 settlement at the plan-rate fee (no 2% escrow fee); migration v2_024 adds escrow_enabled to tenant_settings (default: TRUE — existing behavior preserved)
A2A idempotency keys — clients can now set an Idempotency-Key header on tasks/send requests; duplicate submissions within the same tenant return the original task rather than creating a second; constraint is scoped per (tenant_id, idempotency_key) with a partial unique index that excludes NULLs — backwards compatible

P402Escrow — Conditional Settlement on Base

March 23, 2026

P402Escrow.sol — Live on Base Mainnet

Conditional USDC escrow contract deployed to Base mainnet at 0x4596c0e69d08e4ca6f02c7a129fc2bff8a6905ac. Funds lock on-chain at job creation and release only when the payer confirms delivery — or P402 resolves a dispute. Protocol fee: 1% to treasury on settlement. Dispute window: 48 hours after provider marks delivery.

State machine: CREATED → FUNDED → ACCEPTED → IN_PROGRESS → DELIVERED → SETTLED — with DISPUTED → RESOLVED and EXPIRED / CANCELLED exit paths
REST API: POST /api/v2/escrow (create), GET /api/v2/escrow/[id] (detail + event log), POST /api/v2/escrow/[id] (transition: fund | accept | start | deliver | release | dispute)
DB: escrows and escrow_events tables via migration v2_020_escrow.sql; evidence bundle endpoint at GET /api/v1/analytics/evidence-bundle/[escrow_id]

Bazaar Auto-Escrow — Phase 3.2

Any A2A task submitted via the Bazaar with price_usd ≥ $1.00 and a provider_address automatically creates an escrow — no extra API calls required. The escrow_id is returned in task metadata and stored in task configuration JSONB. Escrow creation is non-blocking — task proceeds even if escrow fails.

Dashboard: Bazaar SETTLE button now routes to escrow creation (≥$1 + provider wallet) or direct EIP-3009 settlement (<$1)
My Escrows panel in /dashboard/bazaar — live state with action buttons (Fund → Accept → Start → Deliver → Release / Dispute)
bazaar_resources.provider_wallet_address added — populated from payTo in x402 manifests during ingest; powers escrow recipient resolution
New useEscrow hook — polls /api/v2/escrow, exposes createEscrow() and transition()

Platform & Docs

Escrow surfaced across the full product surface. Models page now falls back to local registry (13 providers, all with live pricing) when OpenRouter is unavailable, eliminating the “Error loading live prices” state entirely.

New /docs/escrow — state machine table, quick start code, full API reference, dispute window details
New /product/escrow — Lock / Deliver / Release overview with agent commerce, creative work, and API access use cases
Landing page updated to six capabilities: Routing, Payments, Escrow, Controls, Orchestration, Ecosystem
GET /api/v2/models falls back to getProviderRegistry().getAllModels() on OpenRouter failure — models page always renders

World ID, Credits & Model Catalog

March 22, 2026

Human-Anchored Credits — World ID Free Trial

World ID verification now unlocks 500 free credits ($5.00) on the first verified request. Credits are a first-class billing primitive — 1 credit equals $0.01 USD, consumed atomically via UPDATE ... WHERE balance >= amount — no overdraft is possible. When credits are exhausted, sessions fall through to standard USDC billing with no disruption.

p402_metadata extended: human_verified, human_usage_remaining, reputation_score, credits_spent, credits_balance — returned on every POST /api/v2/chat/completions response
New credit API surface: GET /api/v2/credits/balance, POST /api/v2/credits/purchase (mode: 'test' | 'paid'), GET /api/v2/credits/history
CLI: p402 credits balance and p402 credits buy <amount_usd>
MCP: new p402_agent_status tool — checks AgentBook registration and returns live credits_remaining for any wallet address

World Mini App — world.p402.io

A standalone Next.js 15 mini app purpose-built for the World App ecosystem. Deployed separately from the Base Mini App at world.p402.io — different SDK, different store, same P402 backend linked via human_id_hash.

Auth via MiniKit.commandsAsync.walletAuth — SIWE-style session, returns scoped HMAC bearer token tied to the World wallet address
Credit purchases via MiniKit.commandsAsync.pay() — four tiers ($5 / $10 / $50 / $100 USDC); World App handles the transaction, P402 credits the balance on confirmation
4 tabs: Chat (streaming, cost display), Agents (A2A registry browser), Credits (balance + history), Settings (routing mode, identity, reputation)
Session endpoint at POST /api/v1/world-mini/session — derives tenant from wallet address, auto-grants free trial credit for newly verified humans

Base Mini App — World ID Integration

The existing Farcaster mini app at mini.p402.io is updated to surface World ID verification state and credit balance inline — no new screens, state flows in from p402_metadata on every chat response.

Header: [VERIFIED] badge appears when humanVerified is true — shows free-uses remaining or credit count
Chat input: tri-state indicator — free trial active (lime), credit balance available (neutral), low USDC funds warning (amber) — each mutually exclusive
Settings modal: World ID section with deep link to worldapp://verify for unverified users; verified state shows FREE USES / CREDITS / REP SCORE grid
Agents panel: inline VERIFIED trust badge on agents where human_verified: true

Model Catalog — /models

Live model comparison page added to the main nav. Pulls from GET /api/v2/models which is now backed by an hourly cron sync from OpenRouter into a model_prices table — pricing is current within 1 hour of provider changes.

300+ models filterable by provider and capability; sortable by input cost, context window, or name
Cost calculator: input token count × output token count × daily requests → direct API cost vs P402 (22% blended savings via caching and routing)
DB: model_prices table with model_price_history for trend tracking; Redis cache key p402:models:openrouter (TTL 1hr)
Sync cron at POST /api/internal/cron/models/sync — marks models dropped by OpenRouter as is_active = FALSE rather than deleting them

VS Code Extension

March 18, 2026

p402-protocol.p402 — Embedded MCP Server in VS Code

The P402 VS Code extension ships an embedded MCP server registered via McpServerDefinitionProvider. Installing the extension is the entire setup — no mcp.json editing, no manual server start. VS Code spawns dist/mcp-server.mjs as a child process when Copilot agent mode needs it, and all 6 P402 tools appear immediately.

Install: Extensions panel → search P402 — or ext install p402-protocol.p402
Published simultaneously to VS Code Marketplace and Open VSX (Eclipse Theia, Gitpod, VSCodium)
The MCP server binary is bundled into the extension at build time via esbuild — no npm fetch at runtime, no Node version dependency
Requires only P402_API_KEY set via the P402: Configure API Key command

Extension Surface

Status bar — shows current router mode (⚡ P402: balanced); click to switch modes via quick-pick
Activity bar + sidebar — three tree views: Sessions (budget remaining, spend, request count), Recent requests (model, cost, latency), Provider status (healthy / degraded / down per provider)
Command palette — P402: Configure API Key, P402: Switch Router Mode, P402: Create Budget Session, P402: Open Dashboard
Settings UI — p402.apiKey, p402.routerMode, p402.showStatusBar

Distribution

VS Code Marketplace: marketplace.visualstudio.com/items?itemName=p402-protocol.p402
Open VSX: open-vsx.org/extension/p402-protocol/p402
Source: packages/vscode/ in the monorepo; CI publishes to both registries on vscode/v* tags
VS Code's @mcp gallery search also surfaces P402 via the MCP Registry listing (io.github.Z333Q/p402) — the extension and registry listing are complementary, not redundant

MCP Server

March 17, 2026

@p402/mcp-server — P402 as an MCP Tool Server

P402 routing and x402 settlement are now accessible via the Model Context Protocol stdio transport. Agent runtimes that speak MCP — Claude Desktop, Cursor, Windsurf, or any custom host — can route LLM requests across 300+ models and settle per-call in USDC on Base without implementing an HTTP client, managing wallet signing, or handling provider credentials directly.

Spawned as a stdio subprocess — no open ports, no daemon process required
Requires only P402_API_KEY — no wallet private key at the MCP layer
All routing logic, billing guard enforcement, and on-chain settlement run on the P402 backend unchanged; the MCP layer is a thin adapter over POST /api/v2/chat/completions and POST /api/v2/sessions
Budget enforcement is identical to the REST API — a session with a $5.00 cap cannot be exceeded regardless of tool call volume

6 Tools

p402_chat — routes a prompt to the optimal provider by mode (cost / quality / speed / balanced); settles payment atomically if a session token is supplied; returns completion, provider used, cost in USD, and latency
p402_create_session — creates a budget session with a hard USD cap; returns a session_token scoped to that budget
p402_get_session — returns balance_remaining, amount_spent_usd, request_count, and status
p402_list_models — enumerates all routable models with provider, context window, and per-token pricing; filterable by provider
p402_compare_providers — returns all providers serving a given model with cost and p95 latency side-by-side
p402_health — router uptime, facilitator settlement status, and active provider count

Distribution

Published to npm as @p402/mcp-server — zero-install via npx -y @p402/mcp-server
Listed on the official MCP Registry as io.github.Z333Q/p402 at registry.modelcontextprotocol.io
Indexed in community directories: punkpeye/awesome-mcp-servers (Finance & Fintech), wong2/awesome-mcp-servers, mcp.so, mcpindex.net, mcpserverfinder.com
Source in monorepo at packages/mcp-server/ — TypeScript, @modelcontextprotocol/sdk

Progressive Authorization

March 6, 2026

4-State Authorization Model

P402 now formalizes authorization as a progression: Visitor → Identity Only → Wallet Linked → Payment Ready. Each state is computed server-side at GET /api/v2/auth/state and surfaced throughout the product with a clear, low-friction path to the next state.

State is derived from the NextAuth session: CDP email users resolve to wallet_linked immediately; Google OAuth users are resolved against the account's linked wallet address
Dashboard banner renders contextually per state — amber for unactivated payments, dark for unfunded wallet, silent when payment-ready
Nav wallet indicator distinguishes Google-only sessions ("Activate Payments") from wallet-linked sessions (address chip) without triggering RainbowKit
Mobile nav no longer surfaces a wallet connect prompt for unauthenticated visitors

Google OAuth → Wallet Activation Path

Google OAuth users encounter a dedicated wallet activation pre-step in onboarding. The CDP email field is pre-filled from the Google session. The step is skippable; deferred state is tracked in localStorage and surfaces an inline activation prompt on the dashboard. Users who skip remain in identity_only state — dashboard and API key access is unaffected; payment routes return a 402 until a wallet is linked.

Builder Onboarding Path

Developers who select the Build & Route role now receive targeted onboarding copy: no personal wallet required, agent sessions use CDP server wallets funded by clients, with a direct reference to the POST /api/v2/sessions endpoint and wallet_source: "cdp" parameter.

CDP Wallet Integration

March 4, 2026

Email OTP — Embedded Wallet on First Login

Sign in with an email address. A self-custody Base wallet is provisioned automatically via Coinbase Developer Platform (CDP) Embedded Wallet — no browser extension, no seed phrase, no prior crypto experience required.

OTP delivery and wallet creation complete in under 500 ms end-to-end
Private keys are generated and stored inside Coinbase's AWS Nitro Enclave (TEE) — never transmitted to the P402 server
Session identity: wallet address is the primary identity token, no separate linking step
First login presents a wallet acknowledgment screen with address and network confirmation

CDP Server Wallet for Facilitator Signing

The x402 facilitator signing wallet supports two modes, selectable via environment variable:

Mode A — CDP TEE (CDP_SERVER_WALLET_ENABLED=true): private key never touches the Node.js process; signing happens inside Coinbase's Nitro Enclave. Recommended for production.
Mode B — raw key: legacy local-dev fallback using P402_FACILITATOR_PRIVATE_KEY
Active mode is exposed at GET /api/v1/facilitator/health → "mode": "cdp-server-wallet" | "raw-key"

Guided Wallet Funding — Onboarding Step 3

Onboarding is now 4 steps: Role → API Key → Fund Wallet → Orientation.

Fund Wallet step displays the connected wallet address with a one-click copy button
Instructions: copy address → send USDC on Base → the dashboard detects the deposit and transitions state automatically
Minimum deposit: $0.01 USDC. Contract: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913

Protocol, SDK & CLI Launch

March 2, 2026

P402 Protocol — Open Source

The core P402 protocol specification and reference implementations are open source. Includes the x402 payment extension schema, AP2 mandate format, A2A JSON-RPC method definitions, and the ERC-8004 agent identity registry interface.

github.com/z333q/p402-protocol ↗

Developer SDK

@p402/sdk provides typed wrappers for routing requests, issuing AP2 mandates, verifying x402 payment payloads, and interacting with the A2A task API. TypeScript-first; ships ESM and CJS.

CLI

Manage facilitators, inspect routing decisions, check wallet balances, and tail live traffic from the terminal. Wraps the same REST endpoints exposed by the dashboard — no separate auth flow required; uses your existing API key.

Infrastructure & Platform

Feb 24 – Mar 2, 2026

P402 Claude Skill

Claude skill released covering routing modes, billing guard limits, session lifecycle, x402 payment settlement, A2A protocol, and provider cost comparison
Skill surfaced in footer, landing CTAs, and mobile navigation
Trained on Feb 2026 models; includes concrete migration examples from direct OpenAI/Anthropic API calls

Base Mainnet Smart Contracts

P402Settlement deployed at 0xd03c7ab9a84d86dbc171367168317d6ebe408601 — marketplace settlement with 1% protocol fee
SubscriptionFacilitator deployed at 0xc64747651e977464af5bce98895ca6018a3e26d7 — EIP-2612 recurring billing, gasless for subscribers after month 1
Treasury: 0xFa772434DCe6ED78831EbC9eeAcbDF42E2A031a6

Stripe & Billing Hardening

Webhook handler uses req.text() before signature verification — required by Next.js 15 to prevent body pre-parsing from breaking HMAC validation
All billing events use INSERT ... ON CONFLICT — idempotent against transient duplicate webhook delivery
Environment validation enforced at startup; missing required keys abort boot rather than surface at runtime
E2E billing suite green across Node 18 and 20