# Vaultfire — 5-Minute Quickstart **Free path. No wallet, no signup, no key — just curl.** You will: 1. Discover every Vaultfire x402 endpoint with one request 2. Read live on-chain trust data for a real agent address 3. See a payable action return a self-describing 402 body — including input schema, on-chain constraint hints, and price — without paying a cent If you can run `curl`, you can integrate Vaultfire. --- ## 30-second context Vaultfire is an agent-native accountability protocol. Every paid surface is exposed as an [x402](https://x402.org) endpoint on Base. Endpoints are **self-describing**: hit any URL and the 402 response carries the full `inputSchema`, on-chain constraint hints, pricing, and example payload. - **No private keys are ever accepted or held server-side.** Payable actions return unsigned calldata that the caller signs in their own wallet. - **Free reads exist alongside paid actions.** Trust health, bond inventory, and discovery are free. Reputation and per-agent reads are priced. - **Multi-chain.** Base (primary), Avalanche, Arbitrum, Polygon. Reads also accept USDC on Solana mainnet. --- ## Step 1 — Discover every endpoint (free, no params) ```bash curl -s https://theloopbreaker.com/api/x402/discovery | jq '.endpoints[0:3]' ``` You will see the first three entries of the full **82-endpoint** registry: 44 actions, 27 trust reads, 3 oracle feeds, 2 bonds, 6 utility. Each entry includes `path`, `method`, `kind`, `price`, `network`, and a human description. Pull the full list: ```bash curl -s https://theloopbreaker.com/api/x402/discovery | jq '.endpoints | length' # → 82 ``` The same manifest also lives at `https://theloopbreaker.com/.well-known/x402.json` for protocol-aware crawlers. --- ## Step 2 — Read live trust data (free) ```bash curl -s https://theloopbreaker.com/api/x402/trust/health | jq '{service, status, version, endpointCount, chains, standards: .standards[0:5]}' ``` You get a live snapshot of the trust service — version, endpoint count, supported chains, and the standards Vaultfire implements (ERC-8004 agent identity, ERC-8128 KYA, ERC-7702 session keys, ERC-5192 soulbound badges, ERC-4626 vaults, and more). No payment required. Now read a real agent's trust profile via the Helixa public scorer: ```bash curl -s "https://theloopbreaker.com/api/helixa/trust?address=0xfA15Ee28939B222B0448261A22156070f0A7813C" \ | jq '{query, combinedScore, badge, reasons}' ``` That's the deployer of Vaultfire. The score blends on-chain bond stake, signed attestations, contract activity, and Helixa graph signals. Try another: ```bash curl -s "https://theloopbreaker.com/api/helixa/trust?address=0xA054f831B562e729F8D268291EBde1B2EDcFb84F" \ | jq '.combinedScore' ``` Or by agent ID (ERC-8004 identity): ```bash curl -s "https://theloopbreaker.com/api/helixa/trust?agentId=1" | jq '.combinedScore' ``` --- ## Step 3 — Inspect a payable action without paying This is the part that makes Vaultfire feel different. Hit a payable endpoint with an empty body and you get back a fully self-describing 402 — schema, constraints, price, and a worked example. No payment, no signature, no wallet. ```bash curl -s -X POST https://theloopbreaker.com/api/x402/actions/create-accountability-bond \ -H "content-type: application/json" \ -d '{}' \ | jq '.accepts[0] | {price: .maxAmountRequired, asset, network, inputFields: (.outputSchema.input.bodyFields | keys), output: .outputSchema.output.type}' ``` You will see: - **`price`** — `100000` (= $0.10 USDC, 6 decimals) - **`asset`** — USDC contract on Base - **`inputFields`** — `["walletAddress", "companyName", "quarterlyRevenue", "stakeWei", "chain"]` - **`output.type`** — `object` (the signed-and-broadcast response shape) Pull the full input contract with on-chain constraint hints: ```bash curl -s -X POST https://theloopbreaker.com/api/x402/actions/create-accountability-bond \ -H "content-type: application/json" -d '{}' \ | jq '.accepts[0].outputSchema.input.bodyFields' ``` Every field tells you exactly what the contract expects: type, description, required flag, enum (where relevant), and the on-chain constraint the value must satisfy. The same pattern holds across all 44 action endpoints. --- ## Step 4 — Integrate (when you're ready to actually transact) The free path above is enough to wire up an agent that **discovers, schemas, and previews** every Vaultfire surface. When you want to execute a payable action: 1. POST to the action endpoint with a valid body and an `X-PAYMENT` header carrying a signed EIP-3009 USDC authorization (standard x402 client behavior — any [x402-fetch](https://www.npmjs.com/package/x402-fetch) or [x402-axios](https://www.npmjs.com/package/x402-axios) client handles this for you). 2. The response is the **unsigned calldata** for the on-chain action plus a settlement receipt. You sign and broadcast from your own wallet — Vaultfire never touches your key. 3. The action settles on Base (or your chosen network: `base`, `avalanche`, `arbitrum`, `polygon`). Reference x402 client snippet (Node): ```js import { wrapFetchWithPayment } from "x402-fetch"; import { createWalletClient, http } from "viem"; import { privateKeyToAccount } from "viem/accounts"; import { base } from "viem/chains"; const account = privateKeyToAccount(process.env.PRIVATE_KEY); const wallet = createWalletClient({ account, chain: base, transport: http() }); const fetchWithPay = wrapFetchWithPayment(fetch, wallet); const res = await fetchWithPay( "https://theloopbreaker.com/api/x402/actions/create-accountability-bond", { method: "POST", headers: { "content-type": "application/json" }, body: JSON.stringify({ walletAddress: "0xYourAgentAddress", companyName: "Acme Agent Co", quarterlyRevenue: "100000", stakeWei: "1000000000000000000", chain: "base", }), }, ); const { unsignedCalldata, to, value } = await res.json(); // → sign + broadcast unsignedCalldata from your own wallet ``` --- ## What to read next - **Full registry** → [`/api/x402/discovery`](https://theloopbreaker.com/api/x402/discovery) - **Protocol manifest** → [`/.well-known/x402.json`](https://theloopbreaker.com/.well-known/x402.json) - **ERC-8004 agent identity** → [`/.well-known/erc-8004/manifest.json`](https://theloopbreaker.com/.well-known/erc-8004/manifest.json) - **ERC-8257 tool registry** → [`/.well-known/erc-8257/manifest.json`](https://theloopbreaker.com/.well-known/erc-8257/manifest.json) - **Source** → [gitlawb.com/ghostkey/vaultfire](https://gitlawb.com/ghostkey/vaultfire) --- ## Principles - **No keys.** Private keys never leave the caller's wallet. The protocol returns unsigned calldata; the caller signs. - **No placeholders.** Every endpoint, address, score, and price in this guide is live. Run the curls yourself. - **Self-describing.** Every 402 body carries the full input contract. You never need to read documentation to call a Vaultfire endpoint — you just call it. - **No token.** Vaultfire has no native token. USDC is the unit of account for every priced surface. If a curl in this guide fails, the protocol is down — open an issue at [gitlawb.com/ghostkey/vaultfire](https://gitlawb.com/ghostkey/vaultfire).