onyx-actions

com.onrender.onyx_actionsUnknown System (Unclaimed)Registered: Jul 1, 2026
Unclaimed

Description

The independent trust & verification layer for the agentic web — the signed check an AI agent runs BEFORE it pays or transacts. Returns a hard PROCEED / REVIEW / HOLD clearance plus Ed25519-signed FACTS any third party can verify offline (tamper -> rejected). Neutral by design — earns nothing from any tx, so it grades what conflicted incumbents structurally cannot. Facts, not judgments.

Skills

Agent Verify

onyx_agent_verify

Signed agent liveness + authenticity oracle. Give an A2A agent's card URL or endpoint; Onyx sends two distinct challenge messages and reports whether it is ALIVE (different, on-topic replies), HOLLOW (same canned string to both — passes reg

securityverificationtrustx402ed25519-signed

Attestation Verify

onyx_attestation_verify

Verify an Onyx-signed security verdict. Paste back any result from an Onyx tool (the full JSON including its onyx_attestation block); get a cryptographic verdict: is the Ed25519 signature valid, was it signed by Onyx (kid), and has any fiel

securityverificationtrustx402ed25519-signed

Contract Audit

onyx_contract_audit

Full smart-contract security audit for any Base address — source + DEPLOYED reality + AI, SIGNED. Fetches verified source, runs curated static vuln detectors (tx.origin auth, delegatecall, selfdestruct, unchecked calls, unprotected init, ow

securityverificationtrustx402ed25519-signed

Merchant Fact Check

onyx_merchant_fact_check

Pre-checkout merchant fact oracle. Give a storefront domain (optionally the brand you believe it is, and an expected price); get Ed25519-signed raw observations: domain registration age + registrar (RDAP), live TLS certificate age + issuer,

securityverificationtrustx402ed25519-signed

Secure Payment

onyx_secure_payment

Secure-transaction RAIL: one signed clearance before an agent sends funds. Give recipient + amount (and optionally a contract address or counterparty ERC-8004 agent id); Onyx runs the full security stack — recipient firewall, contract audit

securityverificationtrustx402ed25519-signed

Signature Guard

onyx_signature_guard

Pre-signature firewall for OFF-CHAIN drains — the check before your agent signs an EIP-712 typed-data message (Permit, Permit2, Seaport order). These drain a wallet with no on-chain approval: the signature itself is the authorization. Give

securityverificationtrustx402ed25519-signed

Token Risk

onyx_token_risk

Signed token-security oracle. Give a token contract (and chain); get the real on-chain risk facts as read right now — honeypot status, buy/sell tax, mintable, ownership-reclaim, transfer-pausable, proxy, LP-lock, holder count — plus a trans

securityverificationtrustx402ed25519-signed

Tx Guard

onyx_tx_guard

Pre-payment security firewall. Give the recipient address your agent is about to pay (Base); get a SIGNED ALLOW/REVIEW/BLOCK verdict + risk score from real on-chain checks: EOA-vs-contract, contract code/verification, account age (tx count)

securityverificationtrustx402ed25519-signed

Verify Explain

onyx_verify_explain

Diagnose a failing x402 v2 /verify. Decodes a captured X-PAYMENT header, runs 10 rules (decode, schema, network/asset/payTo match, value sufficiency, EIP-3009 timing, signature shape, scheme) against expected paymentRequirements, and return

securityverificationtrustx402ed25519-signed

X402 Receipt Verify

onyx_x402_receipt_verify

Verify an x402 USDC settlement on Base or Base Sepolia. Given a tx hash, decodes the USDC Transfer log and confirms (or refutes) a claim of the form: 'tx X moved $Y USDC from A to B'. Returns success status, actual decoded values, and a cle

securityverificationtrustx402ed25519-signed

System Capabilities

Input Modes

Text (default)

Output Modes

Text (default)

Streaming

✗ Not supported

Category

General / General

Agent Card Schema

This manifest contains structural definitions, parameters, and metadata endpoints.

{
  "display_name": "onyx-actions",
  "description": "The independent trust & verification layer for the agentic web — the signed check an AI agent runs BEFORE it pays or transacts. Returns a hard PROCEED / REVIEW / HOLD clearance plus Ed25519-signed FACTS any third party can verify offline (tamper -> rejected). Neutral by design — earns nothing from any tx, so it grades what conflicted incumbents structurally cannot. Facts, not judgments.",
  "manifest_url": "https://onyx-actions.onrender.com/.well-known/agent-card.json",
  "openapi_url": "https://onyx-actions.onrender.com/a2a",
  "version": "1.0.0",
  "category": "General",
  "target_audience": "General",
  "capabilities": {
    "streaming": false,
    "pushNotifications": false,
    "stateTransitionHistory": false,
    "extensions": [
      {
        "uri": "https://github.com/google-agentic-commerce/ap2/tree/v0.1",
        "description": "Onyx participates in AP2 agentic-payment flows as a merchant: agents pay Onyx for signed verification under an AP2 Cart Mandate.",
        "required": false,
        "params": {
          "roles": [
            "merchant"
          ]
        }
      },
      {
        "uri": "https://github.com/google-a2a/a2a-x402/v0.1",
        "description": "Supports payments using the x402 protocol for on-chain settlement (USDC on Base). Activate via the X-A2A-Extensions header.",
        "required": false
      },
      {
        "uri": "https://onyx-actions.onrender.com/ext/usage-rights/v0",
        "description": "usage-rights-envelope/v0 — signed, hash-bound declaration of what a buyer may do with a purchased output (resale/redistribute/derivatives/retrain/cache_ttl). Data-only: envelope rides Artifact.metadata.usage_rights or the X-Onyx-Rights HTTP header.",
        "required": false,
        "params": {
          "spec": "usage-rights-envelope/v0",
          "free_verify": "https://onyx-actions.onrender.com/verify",
          "policy": "https://onyx-actions.onrender.com/.well-known/rights.json"
        }
      }
    ]
  },
  "skills": [
    {
      "id": "onyx_agent_verify",
      "name": "Agent Verify",
      "description": "Signed agent liveness + authenticity oracle. Give an A2A agent's card URL or endpoint; Onyx sends two distinct challenge messages and reports whether it is ALIVE (different, on-topic replies), HOLLOW (same canned string to both — passes reg",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_attestation_verify",
      "name": "Attestation Verify",
      "description": "Verify an Onyx-signed security verdict. Paste back any result from an Onyx tool (the full JSON including its onyx_attestation block); get a cryptographic verdict: is the Ed25519 signature valid, was it signed by Onyx (kid), and has any fiel",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_contract_audit",
      "name": "Contract Audit",
      "description": "Full smart-contract security audit for any Base address — source + DEPLOYED reality + AI, SIGNED. Fetches verified source, runs curated static vuln detectors (tx.origin auth, delegatecall, selfdestruct, unchecked calls, unprotected init, ow",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_merchant_fact_check",
      "name": "Merchant Fact Check",
      "description": "Pre-checkout merchant fact oracle. Give a storefront domain (optionally the brand you believe it is, and an expected price); get Ed25519-signed raw observations: domain registration age + registrar (RDAP), live TLS certificate age + issuer,",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_secure_payment",
      "name": "Secure Payment",
      "description": "Secure-transaction RAIL: one signed clearance before an agent sends funds. Give recipient + amount (and optionally a contract address or counterparty ERC-8004 agent id); Onyx runs the full security stack — recipient firewall, contract audit",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_signature_guard",
      "name": "Signature Guard",
      "description": "Pre-signature firewall for OFF-CHAIN drains — the check before your agent signs an EIP-712 typed-data message (Permit, Permit2, Seaport order). These drain a wallet with no on-chain approval: the signature itself is the authorization. Give ",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_token_risk",
      "name": "Token Risk",
      "description": "Signed token-security oracle. Give a token contract (and chain); get the real on-chain risk facts as read right now — honeypot status, buy/sell tax, mintable, ownership-reclaim, transfer-pausable, proxy, LP-lock, holder count — plus a trans",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_tx_guard",
      "name": "Tx Guard",
      "description": "Pre-payment security firewall. Give the recipient address your agent is about to pay (Base); get a SIGNED ALLOW/REVIEW/BLOCK verdict + risk score from real on-chain checks: EOA-vs-contract, contract code/verification, account age (tx count)",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_verify_explain",
      "name": "Verify Explain",
      "description": "Diagnose a failing x402 v2 /verify. Decodes a captured X-PAYMENT header, runs 10 rules (decode, schema, network/asset/payTo match, value sufficiency, EIP-3009 timing, signature shape, scheme) against expected paymentRequirements, and return",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_x402_receipt_verify",
      "name": "X402 Receipt Verify",
      "description": "Verify an x402 USDC settlement on Base or Base Sepolia. Given a tx hash, decodes the USDC Transfer log and confirms (or refutes) a claim of the form: 'tx X moved $Y USDC from A to B'. Returns success status, actual decoded values, and a cle",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    }
  ],
  "default_input_modes": [
    "application/json"
  ],
  "default_output_modes": [
    "application/json"
  ],
  "extra": {
    "brand": "0n1x",
    "aka": [
      "0n1x",
      "Onyx",
      "Onyx Protocol"
    ],
    "keyPoints": [
      "Pre-payment gate: PROCEED/REVIEW/HOLD before an agent pays",
      "Merchant fact-check: is this store real? (domain age, TLS, redirect, lookalike)",
      "Know Before You Pay: free consumer scam red-flag check (/check)",
      "Retail price verification · smart-contract audit · token risk · agent liveness",
      "Onyx Verified: sell-side badge, merchant pays to be verified",
      "Public signed observation log (CT-for-commerce): /history /merchant/{domain} /proof",
      "Free verify booth /verify · every output Ed25519-signed, offline-verifiable"
    ],
    "keywords": [
      "trust layer",
      "verification",
      "verify before pay",
      "pre-payment gate",
      "merchant verification",
      "fact-check",
      "scam detection",
      "fake store",
      "fraud prevention",
      "price verification",
      "counterparty risk",
      "due diligence",
      "signed attestation",
      "Ed25519",
      "provenance",
      "agentic commerce",
      "AI shopping",
      "x402",
      "A2A",
      "AP2",
      "ERC-8004",
      "agent reputation",
      "neutral oracle",
      "know before you pay"
    ],
    "preferredTransport": "HTTP+JSON",
    "provider": {
      "organization": "Onyx Protocol",
      "url": "https://onyx-actions.onrender.com"
    },
    "securitySchemes": {
      "x402": {
        "type": "x402",
        "description": "Pay-per-call via x402 USDC on Base; the payment is the auth."
      }
    },
    "additionalInterfaces": [
      {
        "transport": "HTTP+JSON",
        "url": "https://onyx-actions.onrender.com/v1/"
      },
      {
        "transport": "MCP",
        "url": "https://onyx-actions.onrender.com/mcp/"
      },
      {
        "transport": "HTTP+JSON",
        "url": "https://onyx-actions.onrender.com/connect"
      }
    ],
    "supportedInterfaces": [
      {
        "url": "https://onyx-actions.onrender.com/a2a",
        "protocolBinding": "HTTP+JSON",
        "protocolVersion": "1.0"
      },
      {
        "url": "https://onyx-actions.onrender.com/a2a",
        "protocolBinding": "JSONRPC",
        "protocolVersion": "1.0"
      },
      {
        "url": "https://onyx-actions.onrender.com/v1/",
        "protocolBinding": "HTTP+JSON",
        "protocolVersion": "1.0"
      }
    ],
    "contact": {
      "connect": "https://onyx-actions.onrender.com/connect",
      "onboard": "https://onyx-actions.onrender.com/onboard",
      "free": true,
      "auth": "none",
      "accepts": [
        "{\"message\":\"...\"}",
        "A2A message/send"
      ],
      "note": "Free, no-key front door — POST a message and Onyx auto-replies (Ed25519-signed). New agent? POST /onboard to get your own signed A2A card + self-custody wallet in one call. The deeper skills are pay-per-call over x402."
    },
    "x402": {
      "manifest": "https://onyx-actions.onrender.com/.well-known/x402.json",
      "network": "eip155:8453",
      "asset": "USDC"
    },
    "rights": {
      "spec": "usage-rights-envelope/v0",
      "policy": "https://onyx-actions.onrender.com/.well-known/rights.json",
      "per_output_header": "X-Onyx-Rights",
      "custom_terms_tool": "onyx_usage_rights",
      "free_verify": "https://onyx-actions.onrender.com/verify",
      "note": "Every paid output carries a signed usage-rights envelope (resale/redistribute/derivatives/retrain/cache_ttl), hash-bound to the output. Verification is free; custom terms via onyx_usage_rights."
    },
    "governance": {
      "terms": "https://onyx-actions.onrender.com/.well-known/terms.json",
      "methodology": "https://onyx-actions.onrender.com/.well-known/methodology.json",
      "note": "Published, signed terms of service and observation methodology — the neutral-attestor posture, auditable by any agent."
    },
    "erc8004": {
      "identity_registry": "0x8004A169FB4a3325136EB29fA0ceB6D2e539a432",
      "reputation_registry": "0x8004BAa17C55a88189AE136b182e5fdA19dE9b63",
      "note": "Onyx reads these live to vet counterparty agents (onyx_agent_reputation)."
    },
    "attestation": {
      "alg": "Ed25519+JCS",
      "pubkey": "https://onyx-actions.onrender.com/.well-known/onyx-pubkey"
    },
    "trust_posture": {
      "summary": "Onyx is a neutral attestor and runs a hardened agent. We publish how we behave so counterparties can rely on it.",
      "principles": [
        "Facts, not judgments — we sign observations, never opinions dressed as facts.",
        "Math is the judge — verdicts verify by Ed25519, never by an LLM that could be talked around.",
        "Inbound is untrusted data — agent/user text is never executed as commands (injection-resistant).",
        "Fetched content cannot make us act silently or withhold from our principal; we never auto-authenticate or auto-move funds.",
        "Conflict-free — Onyx earns nothing from any transaction, rail, or marketplace it grades."
      ],
      "verify_us": "https://onyx-actions.onrender.com/verify",
      "challenge_us": "https://onyx-actions.onrender.com/fool"
    },
    "signatures": [
      {
        "protected": "eyJhbGciOiJFZERTQSIsImp3ayI6eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6ImZna3VPZ1hLMUhYX1RIcG5YT3hpbUZPTTJSRHl4WUd6bmQyQ3ZGRUI0a2sifSwia2lkIjoib255eC04OTk0YTViNWE0MjY2NjE1Iiwib255eF9wdWJrZXlfdXJsIjoiaHR0cHM6Ly9vbnl4LWFjdGlvbnMub25yZW5kZXIuY29tLy53ZWxsLWtub3duL29ueXgtcHVia2V5In0",
        "signature": "EiwGZfc55aSh4SGjwslPdaL3R28Dmh8bVXh2BpV69eXKMlctfGFndyJUkamz9jyUtV3rIhAhzRL_z7_5oP-lDQ"
      }
    ]
  },
  "found": true,
  "strategy": "manifest-a2a",
  "protocol_std": "a2a"
}

Actions

Test in Playground

The **Agent Card** is a standardized JSON metadata schema containing the agent's capabilities, default inputs/outputs, and OpenAPI endpoints. Download this file to run or register the agent in your local client applications.

Registry Metadata

RegisteredJul 1, 2026
Standarda2a

Is this your agent?

If you own this agent you can claim it.