# Pair LION with Coinbase AgentKit + the x402 MCP client

Run the LION Marketplace Visibility Audit from a Coinbase AgentKit agent. AgentKit's wallet-management primitives plus the `@x402/mcp` client wrap the LION MCP server so that when the audit tool returns native MCP x402 payment-required (JSON-RPC -32402), AgentKit's wallet signs and pays automatically. LION does NOT perform the payment.

Endpoint #2 (Marketplace Visibility Audit) is **public beta**, launched 2026-05-27, awaiting its first external buyer. Payment rail is proven by prior controlled Endpoint #1 settlements. No external paid proof has been claimed for Endpoint #2. `external_paid_proof: false`.

## What this pair does

- **LION MCP server** exposes the `lion_marketplace_visibility_audit` tool over Streamable HTTP. Unpaid `tools/call` returns JSON-RPC error `-32402` with `error.data.payment.paymentRequirement` (x402 v2 shape). The tool itself never charges your wallet.
- **AgentKit's CDP wallet** holds the buyer's funds and signs EIP-3009 TransferWithAuthorization signatures.
- **`@x402/mcp` client** wraps MCP transport, intercepts -32402 responses, asks AgentKit's wallet to sign, and retries with the `Payment-Signature` header on the HTTP paid route LION returns in the not-yet-supported fallback.

## Install (one-time)

In your AgentKit agent project:

```
npm install @coinbase/cdp-sdk @coinbase/agentkit @x402/fetch @x402/mcp @modelcontextprotocol/sdk
```

Authenticate AgentKit with your CDP credentials per the official AgentKit docs (https://docs.cdp.coinbase.com/agent-kit/core-concepts/wallet-management). LION does not see or touch your AgentKit credentials.

## Connect LION as a remote MCP server

```ts
import { CdpClient } from '@coinbase/cdp-sdk';
import { AgentKit } from '@coinbase/agentkit';
import { withX402Client } from '@x402/fetch';
import { McpClient } from '@x402/mcp';

const cdp = new CdpClient({ apiKey: process.env.CDP_API_KEY });
const agent = await AgentKit.fromCdp(cdp);
const wallet = await agent.getOrCreateWallet({ networkId: 'base-mainnet' });

const x402Fetch = withX402Client(fetch, {
  signer: wallet,                         // AgentKit-managed CDP wallet
  network: 'base-mainnet',
  maxAtomicPerRequest: '100000',          // your per-call atomic USDC cap (here: $0.10)
});

const lion = new McpClient({
  url: 'https://gleaming-cassata-d41682.netlify.app/api/mcp?src=buyer_runtime_agentkit',
  transport: 'streamable-http',
  fetch: x402Fetch,
});

await lion.initialize();
const tools = await lion.listTools();
// tools[].name should include: lion_marketplace_visibility_audit
```

## Call the audit tool

```ts
const result = await lion.callTool({
  name: 'lion_marketplace_visibility_audit',
  arguments: { url: 'https://example.com/api/x402/your-paid-route' },
});
// Unpaid path: McpClient receives JSON-RPC -32402 + paymentRequirement.
// withX402Client + AgentKit wallet sign EIP-3009 for 50000 atomic USDC on Base
// (eip155:8453) -> LION payTo 0x84c2...d9Ac.
// On success: result is the audit JSON returned by the paid HTTP route.
```

## Payment terms LION will quote

When the wallet middleware reads `error.data.payment.paymentRequirement` on the -32402 response, it sees:

- `x402Version`: `2`
- `accepts[0].scheme`: `exact`
- `accepts[0].network`: `eip155:8453` (Base mainnet)
- `accepts[0].amount`: `50000` atomic USDC (= $0.05)
- `accepts[0].asset`: `0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913` (USDC on Base)
- `accepts[0].payTo`: `0x84c2e2ec19a4b467D89fE3F008591DEEA884d9Ac`
- `accepts[0].maxTimeoutSeconds`: `60`
- `accepts[0].extra`: `{ name: "USDC", version: "2" }`

AgentKit's wallet constructs the EIP-3009 authorization against these exact values.

## What the audit returns (paid 200)

A structured JSON report with:

- `well_known_x402` status of the audited service
- `payment_required_body` validity
- extracted `payTo` / `amount` / `asset` / `network` / `scheme` of the audited 402
- `x402scan_status`, `mcp_registry_status`
- `machine_discovery_files`: `{ llms_txt, openapi, agents_json }` statuses
- `visibility_score` (0..100)
- `top_3_recommendations` (ranked remediation list)

## Spending guardrails (your AgentKit wallet, not LION)

AgentKit's wallet will refuse the payment if:

- amount exceeds `maxAtomicPerRequest`
- network differs from configured
- AgentKit spend policy denies the request
- wallet balance is insufficient

LION cannot bypass any of these. There is no fallback in LION that signs on your wallet's behalf.

## Constraints

- No API key required to call LION.
- No PII collected by LION.
- No claim of guaranteed conversion.
- No claim of external paid proof for Endpoint #2.
- LION does not perform any wallet operation.

## Discovery surfaces (alternative paths to find LION)

- Glama: https://glama.ai/mcp/connectors/app.netlify.gleaming-cassata-d41682/lion-mcp
- MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=gleaming-cassata
- Direct MCP URL: `https://gleaming-cassata-d41682.netlify.app/api/mcp?src=buyer_runtime_agentkit`

## Source attribution

Use the `?src=buyer_runtime_agentkit` query tag in the MCP URL. LION's by_src ledger attributes AgentKit-originated traffic separately from generic crawler hits.
