SYNTHR.CYBER
paid security signals over http 402

Security intel endpoints for agents that ship code.

Synthr is a small x402 API surface for dependency risk, active exploitation, secure implementation guidance, and endpoint trust checks. Agents send compact JSON. Synthr returns sourced, machine-actionable JSON.

EPSS-prioritized Sort fixes by real exploitation probability, not just CVSS.
agentSurface scoring Flags vulns most likely to affect tool servers, auth flows, and SDK paths.
no keys, no subscriptions Pay per call in micro-USDC over x402. Discovery is always free.
Base URLhttps://synthr.online
Price floor$0.005 / requestadvice: $0.0075
NetworkBase Sepolia testneteip155:84532 · micro-USDC
runtime trust signals

Live, priced, and machine-readable.

Payment rail
x402 ready
Discovery
llms.txt + OpenAPI + x402 catalog — always free
Challenge
unpaid protected calls return HTTP 402
Network
Base Sepolia testnet · eip155:84532
Health
GET https://synthr.online/health → 200, static, free
agent payment trace
01
Discover Agent reads /llms.txt, /openapi.json, or /x402-catalog.json.
02
Challenge Protected endpoint responds with a structured x402 payment requirement.
03
Execute Paid request returns JSON fields agents can route on: risk, evidence, score, and next action.
04
Settle Response includes X-PAYMENT-RESPONSE; the agent records the receipt and caches the result.

Endpoint surface

Focused routes, predictable schemas, explicit prices. Built to be called by CI, coding agents, and x402-aware tool routers.

POST

/v1/cyber/stack-brief

Full stack risk summary with OSV findings, EPSS exploit probability, KEV flags, and agent-surface scoring.

Any OSV ecosystem supported: npm, pypi, go, cargo, maven, and more.
$0.005
{
  "stackSummary": { "criticalFindings": 1 },
  "prioritizedRisks": [...],
  "agentActions": [...]
}
POST

/v1/cyber/audit-deps

Dependency audit for known vulnerabilities and malicious package signals. Useful as an install or pre-deploy gate.

$0.005
{
  "dependencies": [
    { "name": "express", "version": "4.18.2", "ecosystem": "npm" }
  ],
  "includeMalicious": true
}
GET

/v1/cyber/breaking

Recent CISA KEV additions enriched with EPSS and short notes for agentic builders.

Why it matters: stay ahead of actively exploited CVEs without reading bulletins.
$0.005
GET https://synthr.online/v1/cyber/breaking?days=14&limit=5

=> cve, epss, percentile, requiredAction

End-to-end paid call

A complete round trip: 402 challenge → pay → 200 + structured JSON + payment receipt. This is what an x402-aware client does internally.

paid execution → 200 + X-PAYMENT-RESPONSE
# 1) unpaid protected call → 402 challenge
curl -i -X POST https://synthr.online/v1/cyber/stack-brief \
  -H "content-type: application/json" \
  --data '{ "stack": { "dependencies": [{ "name": "express", "version": "4.18.2", "ecosystem": "npm" }] } }'

HTTP/2 402
payment-required: eyJ4NDAyVmVyc2lvbiI6Mi...

# 2) client satisfies the requirement with a signed USDC payment header
curl -X POST https://synthr.online/v1/cyber/stack-brief \
  -H "content-type: application/json" \
  -H "X-PAYMENT: <signed x402 payment>" \
  --data '{ "stack": { "dependencies": [{ "name": "express", "version": "4.18.2", "ecosystem": "npm" }] } }'

HTTP/2 200
x-payment-response: eyJyZWNlaXB0IjoiMHg...
content-type: application/json

{
  "stackSummary": { "criticalFindings": 1, "totalDeps": 1 },
  "prioritizedRisks": [
    {
      "id": "GHSA-...CVE-...",
      "package": "express",
      "patchPriority": "P0",
      "agentSurface": "high",
      "epss": 0.94,
      "kev": true,
      "fixVersion": "4.19.2",
      "recommendedAction": "block deploy; bump express"
    }
  ],
  "agentActions": [ "bump express to 4.19.2", "re-run stack-brief after upgrade" ],
  "sources": ["OSV", "EPSS", "CISA KEV"]
}

Copy/paste calls

These examples show the raw API shape. Use an x402-aware fetch client for paid execution.

unpaid discovery
# service health
curl https://synthr.online/health

# agent instructions
curl https://synthr.online/llms.txt

# endpoint catalog
curl https://synthr.online/x402-catalog.json

# OpenAPI spec
curl https://synthr.online/openapi.json
402 challenge preview
curl -i -X POST https://synthr.online/v1/x402/endpoint-check \
  -H "content-type: application/json" \
  --data '{
    "endpointUrl": "https://synthr.online/v1/cyber/breaking",
    "expectedMethod": "GET"
  }'

HTTP/2 402
payment-required: eyJ4NDAyVmVyc2lvbiI6Mi...

Response fields agents can route on

No prose-only output. Responses are designed for branching decisions in harnesses and CI.

Field Where it appears How to use it
patchPriority stack-brief Route P0/P1 findings into blocking deploy checks or urgent dependency updates.
agentSurface stack-brief, breaking Prioritize vulnerabilities likely to affect tool servers, auth flows, APIs, LLM SDKs, and data access paths. How it's scored →
epss / kev security endpoints Use real-world exploitation likelihood and known active exploitation as sorting signals.
payabilityStatus endpoint-check Decide whether an autonomous agent should call, avoid, retry, or request human review before paying.
sources[] all major responses Show provenance, store evidence, or let a human inspect the records behind the recommendation.

How agentSurface is scored

Plain OSV wrappers stop at "is there a CVE." Synthr goes one step further.

For each finding we collect the affected package metadata, the calling context field submitted with the request (e.g. "agent harness with auth tools"), and structured signals from OSV descriptions (auth, RCE, prototype pollution, request smuggling, path traversal, SSRF). We then flag findings most likely to land on an agentic attack surface: tool servers with public endpoints, auth flows, JSON/HTTP SDK boundaries, file access, and command-execution paths.

The result is a coarse low / medium / high / critical surface score — not a CVSS replacement, but a router signal: is this likely to bite this agent specifically?

low / medium / high / critical

Error & retry contract

Failure shapes agents can branch on. All error bodies are JSON, not HTML.

HTTP 402 — Payment Required

Protected endpoint hit without a valid X-PAYMENT header. Body is a structured x402 payment requirement describing the price, network, and payee. Reattempt after satisfying the requirement.

402 Payment Required
payment-required: eyJ4NDAy...
{ "error": "payment_required", "price": "$0.005" }

HTTP 429 — Rate Limited

Too many calls against /v1/* within the window. Body includes retryAfterMs. Back off linearly and retry; the call is not charged.

429 Too Many Requests
{ "error": "rate_limited", "retryAfterMs": 1500 }

HTTP 400 — Bad Request

Malformed JSON, missing required stack or dependencies, or unsupported ecosystem. No payment is taken for failed validation.

400 Bad Request
{ "error": "invalid_stack", "message": "dependencies[] is required" }

HTTP 5xx — Server Error

Upstream OSV/EPSS timeouts or internal failures. Retries on 5xx are free — the failed response includes no receipt. Retry with the same payment or wait for an upstream recovery.

503 Upstream Unavailable
{ "error": "upstream_unavailable", "upstream": "OSV" }

Pricing & fairness

Transparent, low-friction, worth every micro-payment.

Discovery tier

/health, /llms.txt, /openapi.json, /x402-catalog.json, and /meta.json are always free and unauthenticated — agents can scout before bringing a wallet.

Per-call pricing

Base price $0.005 per request. /v1/cyber/advice is $0.0075 due to deeper synthesis. No tiers, no commitments.

Failure policy

4xx due to malformed input: not charged. 5xx and upstream timeouts: not charged, safe to retry. Only successful 2xx responses settle USDC.

Trust artifacts

Everything important is machine-readable and stable enough for agents to cache.

Runtime status

  • Status: x402 ready
  • Network: Base Sepolia testnet · eip155:84532
  • Base price: $0.005
  • Advice price: $0.0075
  • Last updated: 2026-07-04