Docs · zauthx402
Documentation for the $ZAUTH-funded x402 pentest loop.
Left-hand navigation stays pinned while sections highlight automatically as you scroll. The intent is a calm reading experience: plain facts, lightweight structure, and a few filler photos to keep the column balanced.
Mission Overview
ZAUTHX402 funnels the revenue generated by $ZAUTH directly into permanent pentesting capacity for the x402 protocol family. Operators submit a single prompt and the system spawns four coordinated agents that probe authentication paths, consensus rules, and treasury flows before drafting a unified briefing.
The emphasis is reliability over flash. Runs happen inside managed sandboxes, every payload is replayed, and evidence is timestamped so teams can trace any recommendation back to raw data.
- Primary surfaces: session rotation, replay handling, validator coordination, and vault fallbacks.
- Deliverable: concise response pack with artifacts, mitigations, and replay-ready scripts.
- Cadence: refreshes every 15 minutes while revenue is healthy; gracefully backs off when credits dip.
- Parity: this docs page mirrors the portal so ops teams see the same facts regardless of entry point.
Agent Collective
Four independent agents work every request. Each owns a domain, streams intermediate thoughts, and votes on the final answer. Nothing ships unless the harness reaches consensus or an operator explicitly overrides the quorum.
Atlas · Recon
Atlas maps x402 ingress points, tracks nonce policy drift, and highlights credential reuse. Its output is a live diff of the authentication surface so the other agents know what changed since the last run.
Lyric · Treasury
Lyric watches the $ZAUTH treasury contract, converts fresh revenue into pentest credits, and pauses runs when the budget falls below the guardrail. Every recommendation lists the exact spend that unlocked it.
Quill · Payloads
Quill assembles payloads, replays historical exploits against the new topology, and annotates expected vs. observed behavior. Failed attempts remain attached so engineers can reproduce them later.
Vanta · Response
Vanta adjudicates. It scores every claim, weighs confidence, and synthesizes a single response. When Vanta disagrees with the others it explains why and points to the conflicting evidence.
$ZAUTH Funding Loop
The pentest engine scales with treasury health. Every swap, fee, or staking surge involving $ZAUTH is tallied inside a fifteen-minute ledger. Lyric consumes the ledger, allocates credits, and broadcasts the new ceiling to the other agents before they begin.
- Telemetry: on-chain watchers snapshot inflow, attribute protocol fees, and net out operating reserves.
- Allocation: customizable percentages decide how much revenue becomes pentest fuel each window.
- Back-off: when inflow cools, scans de-escalate automatically so nothing is left half-finished.
- Auditability: every briefing links back to the revenue window that funded it for clean accounting.
Standard Run Workflow
The same loop repeats indefinitely. Below is the sequence operators can expect on every cycle.
01 · Objective Intake
Operators describe the x402 surface or regression they care about. The prompt is paired with the most recent topology snapshot and the current budget cap.
02 · Parallel Recon
Atlas refreshes ingress maps while Lyric verifies spend. If funding is thin, the system notifies the operator and places the run on standby until fresh revenue lands.
03 · Exploit Drafting
Quill replays high-signal payloads, adds new variations, and records every response code, latency spike, or unexpected branch. Nothing is discarded.
04 · Response Assembly
Vanta merges the stream, weighs confidence, and emits a unified response. Operators can download the pack, send it to the platform queue, or run it back through their own automation.
Architecture Snapshot
Documentation mirrors the stack. The same data powering platform dashboards flows here, so every callout references a real subsystem.
Interface Layer
Next.js handles routing and rendering. The docs page is a client component so it can track scroll position and keep the sidebar in sync even when the rest of the site is streaming content.
Agent Grid
Server-side campaign runners hydrate each agent with the latest x402 state, then stream partial responses back to the client over Server-Sent Events. Nothing is cached beyond the single run unless operators choose to persist it.
Evidence & Storage
Artifacts live in encrypted object storage with short retention. Metadata (hashes, timestamps, agent votes) persists longer so auditors can verify what was said without leaking payload contents.
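One way an auditor could verify retained metadata after the artifact itself has expired, shown as an added example that is not code from this project. The record fields, the vote values, the SHA-256 choice, and the hash chaining between records are all assumptions made for illustration.

```javascript
// Added example: hash-chained evidence metadata; all field names are hypothetical.
const { createHash } = require("crypto");
const GENESIS = "0".repeat(64);
const sha256 = (data) => createHash("sha256").update(data).digest("hex");

// Digest over a fixed field order (votes sorted by agent) so any edit changes it.
function recordDigest(r) {
  const votes = Object.entries(r.votes).sort();
  return sha256(JSON.stringify([r.prev, r.artifactSha256, r.recordedAt, votes]));
}

// Append metadata for one artifact; only the payload's digest is stored.
function appendRecord(log, artifactBytes, votes, recordedAt) {
  const prev = log.length ? log[log.length - 1].digest : GENESIS;
  const record = { prev, artifactSha256: sha256(artifactBytes), recordedAt, votes };
  record.digest = recordDigest(record);
  log.push(record);
  return record;
}

// Auditor check 1: index of the first altered or re-ordered record, or -1.
function firstBrokenRecord(log) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    if (log[i].prev !== prev || recordDigest(log[i]) !== log[i].digest) return i;
    prev = log[i].digest;
  }
  return -1;
}

// Auditor check 2: while the artifact is still retained, confirm it matches.
function artifactMatches(record, artifactBytes) {
  return sha256(artifactBytes) === record.artifactSha256;
}

// Constructed sample data: two runs, fifteen minutes apart, four agent votes each.
function demo() {
  const log = [];
  const votes = { atlas: "ship", lyric: "ship", quill: "ship", vanta: "ship" };
  const payload = Buffer.from("constructed sample artifact #1");
  appendRecord(log, payload, votes, "2025-01-01T00:00:00Z");
  appendRecord(log, Buffer.from("constructed sample artifact #2"),
    { ...votes, quill: "hold" }, "2025-01-01T00:15:00Z");
  const intactResult = firstBrokenRecord(log);
  log[1].votes.quill = "ship"; // simulate a vote rewritten after the fact
  return { intactResult, tamperedResult: firstBrokenRecord(log),
    artifactOk: artifactMatches(log[0], payload) };
}
console.log(demo());
```

A bare SHA-256 of a small or predictable payload can be confirmed by guessing, so where payload secrecy matters a keyed digest (HMAC) is the safer value to store.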
Operator Playbook
A lightweight checklist for anyone coordinating the agents. It keeps day-one users aligned without overwhelming them.
Setup
Mirror the repo, run `npm run dev`, and confirm that the `/docs` route matches production. Register your wallet on the platform and request reviewer permissions if you want to mark findings as complete.
Guardrails
Define minimum treasury reserves, specify which agents can escalate without human sign-off, and tell Lyric when to drop runs instead of throttling them.
Sharing Results
Use the built-in export to hand findings to blue teams or copy direct URLs. The sidebar buttons in the landing and navbar already link here, so everyone references the same source of truth.
FAQs
Where are the visuals?
The production graphs are still rendering. Instead of blocking on art direction, we shipped the verified copy first. Once the assets are ready we will swap the placeholder sections with live charts.
Can I swap an agent?
Not yet. The consensus harness expects this roster. We will add a pluggable “auditor” slot once we can prove the math still holds with a rotating fourth seat.
Do I need infrastructure?
No. Everything runs inside managed sandboxes. You only provide the prompt, review the output, and push mitigations. Telemetry sinks are optional.
How do users find this page?
The Docs buttons in the navbar and landing hero both point to `/docs`. No external GitBook link is required.