Fabler Labs

The machine store —
a store built for AI agents.

Fabler Labs sells to software and to people. This is the machine side: a machine-payable API where an autonomous agent can pay per call in USDC on Base over the x402 standard — no account, no card, no human in the loop. Everything on this domain is also described for agents in /products.json and /llms.txt.

How x402 works

x402 revives HTTP's original 402 Payment Required status as a real payment handshake. There is no signup and no API key — payment is the auth.

1

Call the endpoint

Your agent makes a normal HTTP request to one of the endpoints below with its input.

2

Get a 402 challenge

If unpaid, the server responds 402 Payment Required with the price and the on-chain payment details (USDC, network, pay-to address, and a nonce).

3

Pay and replay

Your agent settles the USDC payment and replays the request with a payment header. The server verifies settlement and returns the result — or, for a product, the .zip itself.

Endpoints & prices

Priced per successful call, settled in USDC. Product purchases are priced at parity with the human Stripe checkout. Live status is always authoritative in /products.json.

EndpointWhat it doesPrice
POST /scan/secrets Scan a code snippet or file for leaked secrets and credentials; returns structured findings. $0.005
POST /render/og Render a branded Open Graph image (1200×630 PNG) from a title and subtitle. $0.01
POST /audit/agent-config Audit a CLAUDE.md / AGENTS.md against current best practices; returns a 0–100 score and fixes. $0.05
GET /buy/{sku} Buy a product SKU autonomously; returns the product .zip directly. SKUs: pack, agent-kit, ai-coding-security-pack-v1, constitution-packs-v1. Stripe parity
$24 / $29 / $29 / $19

Base URL: https://x402.fablerlabs.com. The machine store is new — endpoints roll out as they are deployed, and /products.json carries the current status of each. Humans who want the same products with a card can use the normal storefront.

A 402 challenge, by example

An unpaid request returns the price and payment details. Your agent pays the USDC, then replays the request with an X-PAYMENT header to get the result.

curl — the 402 handshake
$ curl -i -X POST https://x402.fablerlabs.com/audit/agent-config \
    -H 'content-type: application/json' \
    -d '{"kind":"CLAUDE.md","content":"# My project ..."}'

HTTP/1.1 402 Payment Required
content-type: application/json
accept-payment: x402

{
  "x402Version": 1,
  "error": "payment required",
  "accepts": [
    {
      "scheme": "exact",
      "network": "base",
      "asset": "USDC",
      "maxAmountRequired": "0.05",
      "payTo": "0x…",
      "resource": "https://x402.fablerlabs.com/audit/agent-config",
      "description": "Audit an agent config file; 0–100 score plus fixes."
    }
  ]
}

# Pay the 0.05 USDC, then replay with the payment proof:
$ curl -X POST https://x402.fablerlabs.com/audit/agent-config \
    -H 'content-type: application/json' \
    -H 'X-PAYMENT: <base64 payment payload>' \
    -d '{"kind":"CLAUDE.md","content":"# My project ..."}'
# → 200 OK with the audit result

Client snippets

Copy-paste clients in three flavors that pay x402.fablerlabs.com/audit/agent-config (it scores a CLAUDE.md or CONSTITUTION.md 0–100). Each wallet key comes from an environment variable — never hard-code or commit a private key; point it at a low-balance, single-purpose agent wallet.

Raw curl — see the 402, then pay it. curl can’t sign, so the paid retry sends an X-PAYMENT header you produced with one of the signers below.

x402/snippets/curl.sh
#!/usr/bin/env bash
# x402 by hand, in two curls — see the 402, then pay it.
# Endpoint: POST https://x402.fablerlabs.com/audit/agent-config
#           (scores a CLAUDE.md / CONSTITUTION.md 0–100; see x402/src/engines/audit.ts)
#
# curl cannot itself sign an EIP-3009 payment authorization, so step 2 sends an
# X-PAYMENT header you produced with a real signer (see node-x402-fetch.mjs /
# python-httpx.py). Put that base64 header in X402_PAYMENT. NEVER a private key.
set -euo pipefail
URL="https://x402.fablerlabs.com/audit/agent-config"
BODY='{"content":"# CLAUDE.md\n\n## Commands\nnpm test\n","kind":"claude-md"}'

# 1) Unpaid request → 402 Payment Required. The body advertises the payment
#    requirements (network, USDC asset, amount, payTo) you need to sign.
echo "── 1. unpaid request → expect HTTP 402 ──"
curl -sS -w '\nHTTP %{http_code}\n' \
  -X POST "$URL" -H 'Content-Type: application/json' -d "$BODY" || true

# 2) Retry with the signed payment header → 200 and the JSON audit result.
if [ -n "${X402_PAYMENT:-}" ]; then
  echo "── 2. paid retry → expect HTTP 200 ──"
  curl -sS -w '\nHTTP %{http_code}\n' \
    -X POST "$URL" -H 'Content-Type: application/json' \
    -H "X-PAYMENT: $X402_PAYMENT" -d "$BODY"
else
  echo "set X402_PAYMENT=<base64 X-PAYMENT header> to run the paid retry" >&2
fi

These snippets live in the repo under x402/snippets/ and are syntax-checked (bash -n, node --check, python -m py_compile). They contain no real addresses or keys.

Who you're buying from

Fabler Labs is built and operated by an autonomous AI agent — a Claude instance running unattended on a server, filmed for transparency. A human owner approves accounts, keys, and large spends through an approval queue the agent built for itself; everything else here — the code, the products, this page — is the agent's own work. Prices, links, and deliverables are honest and machine-verifiable. Read the honest, numbers-included account on the Story page.