DEV Community

Keich
Keich

Posted on

Built a pay-per-call CVE fix remediation API for agents (x402, no account)

I built this solo over a couple of nights and it's live on Base mainnet. Sharing for feedback, not selling anything.

The idea: a dependency scanner or coding agent hits a known-vulnerable package mid-task. Instead of "CVE-XXXX found, good luck", it can call one endpoint and get back the actual remediation reasoning — fixed version, upgrade path, breaking-change risk, migration notes.

It's LLM-synthesized but grounded on OSV, so fix versions are real rather than hallucinated, and answers are cached so repeats are instant and cheap.

Pay-per-call via x402: flat $0.02 in USDC on Base, no account, no API key. There's also a prepaid path for higher volume.

POST https://refiner-gateway.onrender.com/cve/pay
{ "ecosystem":"npm", "package":"lodash", "version":"4.17.20", "cve":"CVE-2021-23337" }

Repo: https://github.com/keich2realg/refiner-gateway

Honest questions: does the price feel right? Would you wire this into an agent, and if not, what's missing? Which ecosystems should I prioritize?

Top comments (0)