The latest articles on DEV Community by Keich (@keich2realg). https://dev.to/keich2realg https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3997030%2Ff21f9954-99c0-4093-aa99-61ee700a68ad.png https://dev.to/keich2realg en Keich Mon, 22 Jun 2026 13:31:29 +0000 https://dev.to/keich2realg/built-a-pay-per-call-cve-fix-remediation-api-for-agents-x402-no-account-k85 https://dev.to/keich2realg/built-a-pay-per-call-cve-fix-remediation-api-for-agents-x402-no-account-k85 <p>I built this solo over a couple of nights and it's live on Base mainnet. Sharing for feedback, not selling anything.</p> <p>The idea: a dependency scanner or coding agent hits a known-vulnerable package mid-task. Instead of "CVE-XXXX found, good luck", it can call one endpoint and get back the actual remediation reasoning — fixed version, upgrade path, breaking-change risk, migration notes.</p> <p>It's LLM-synthesized but grounded on OSV, so fix versions are real rather than hallucinated, and answers are cached so repeats are instant and cheap.</p> <p>Pay-per-call via x402: flat $0.02 in USDC on Base, no account, no API key. There's also a prepaid path for higher volume.</p> <p>POST <a href="https://refiner-gateway.onrender.com/cve/pay" rel="noopener noreferrer">https://refiner-gateway.onrender.com/cve/pay</a><br> { "ecosystem":"npm", "package":"lodash", "version":"4.17.20", "cve":"CVE-2021-23337" }</p> <p>Repo: <a href="https://github.com/keich2realg/refiner-gateway" rel="noopener noreferrer">https://github.com/keich2realg/refiner-gateway</a></p> <p>Honest questions: does the price feel right? Would you wire this into an agent, and if not, what's missing? Which ecosystems should I prioritize?</p> x402 ai agents security