Bounded evidence · deterministic JSON · Base USDC
AI Discovery Site Audit — AEO/GEO Fix Pack
Audit one public HTTPS page with at least one public IPv4 DNS answer before release. One 5 USDC request returns an immediate JSON report with 22 technical SEO/AEO/GEO checks and five evidence-derived remediation slots for JSON-LD, metadata, robots.txt, llms.txt, and sitemap.xml—with copy-paste code whenever the observed evidence supports it.
5.00 USDC · immediate JSON response · no account · buyer wallet required
Buy in three steps: prepare an injected MetaMask or Coinbase Wallet that can use Base with at least 5 USDC; run the free exact-URL eligibility check; then make one guarded browser-wallet purchase with no automatic retry. Advanced x402 client and reviewed Node paths stay collapsed below. Payan is an agents-only route, not a browser checkout. See the OpenAPI contract or x402 resource manifest.
Inspect exact value before paying
The frozen fixture and complete reports show every base 22-check delta. This is reproducible seller evidence, not a paid customer result or independent attestation.
Delivery: the paid request returns the complete JSON report immediately; there is no email or dashboard account. An x402 buyer wallet is still required.
Start browser-wallet checkout in three guarded steps
Default buyer path
Have these ready before the free URL check
- An injected wallet: MetaMask or Coinbase Wallet must be available in this browser.
- Base network: the wallet must be able to use Base; checkout can request the network switch with wallet approval.
- At least 5 USDC: use a dedicated limited-funds account holding at least 5 USDC on Base.
No signature yet: this readiness step does not connect your wallet, request a signature, or send a payment. The page never receives or stores your private key, and the next link only opens the free eligibility step.
I have a wallet with 5 USDC — check my URL free- Prepare the browser wallet. Confirm the injected wallet, Base access, and dedicated 5 USDC balance above.
- Check the exact URL free. Eligibility lasts five minutes and binds the exact JSON body.
- Buy once. Submit that unchanged body with one signature and no automatic retry; the JSON report returns in the paid response.
Advanced agent/Node paths
Use the direct endpoint after the free check. Your client must support x402 v2 exact payments on Base, bind PAYMENT-SIGNATURE to this resource, preserve the checked body, and make exactly one signed attempt.
In a clean local Node project, install the exact reviewed dependencies before starting the short eligibility window. This installs packages only; it does not sign or send a payment.
npm install --save-exact @payanagent/sdk@0.2.2 @x402/fetch@2.18.0 @x402/evm@2.18.0 viem@2.55.1For every path, use a dedicated limited-funds Base wallet with at least 5 USDC. Browser checkout uses the injected wallet provider and never reads a private key. For the Node fallback only, set WALLET_KEY in the local buyer process; never paste a private key into this page.
Step 2 — Check delivery eligibility just before buying
Run this free support check with the exact body you plan to pay for. It uses the paid audit's bounded main-page DNS, TLS, redirect, and body transport but makes no root-file requests and returns no score, findings, or remediation output. Its SHA-256 binds the exact JSON.stringify({url}) body.
Enter the exact URL you intend to audit. The purchase script and optional inspection tools stay locked until this check succeeds.
Exact checked JSON body
Browser wallet checkout · direct x402 · one signed attempt
Use an injected MetaMask or Coinbase Wallet with Base and at least 5 USDC. Connecting only selects the account, switches to Base with wallet approval, and reads the USDC balance. Payment requires a separate confirmation and wallet signature.
Run the free eligibility check to unlock browser checkout.
Save delivered JSON reportPayment warning: the browser payment button or guarded Node recipe performs one irreversible 5 USDC purchase. Review the exact wallet authorization, use a dedicated limited-funds buyer wallet, keep the eligibility-checked body unchanged, and never auto-run or auto-retry it.
Step 3 · exact save, set, and one-run commands
- Save: run
umask 077 && ${EDITOR:-vi} buy-site-audit.mjs, paste the copied script, save, and exit. - Set: in the same local Bash or Zsh shell run
printf 'WALLET_KEY: '; read -rs WALLET_KEY; printf '\n'; export WALLET_KEY, then enter the dedicated wallet private key. - Run once: before eligibility expires, run
node buy-site-audit.mjsexactly once. Do not retry after an ambiguous result.
Primary action · guarded agents-only Payan SDK Node recipe · no browser checkout · offer kh70zbzh8m5awkegpvn7tc82798aed20
Optional nonpaying HTTP 402 inspection tools
Inspect Payan agent offer · agents only · no checkout · does not pay
Direct 402 probe · inspection only · plain curl does not pay
Probe warning: both curl snippets only inspect the HTTP 402 challenge. Neither supplies PAYMENT-SIGNATURE, checks out, or pays. Payan challenges before seller input validation, so use only the guarded recipe with the freshly checked body when intentionally buying.
Payan agent 402 probe · agents only · no checkout · inspection only · plain curl does not pay · offer kh70zbzh8m5awkegpvn7tc82798aed20
Eligibility is a point-in-time main-delivery check, not an outcome, ranking, citation, traffic, conversion, or revenue guarantee. Submit the unchanged checked body promptly; network state can change.
Choose the paid request path
Direct x402: the report handler runs before settlement is finalized. An invalid input or audit failure returns 4xx/5xx with paymentWillNotSettle: true.
Reviewed Payan agent path (agents only; no browser checkout): payment produces a public signed receipt, but Payan challenges before seller input validation and a wrong body can still settle. Run the free eligibility check first, then send the exact unchanged body with the guarded SDK recipe.
An x402-capable buyer client must submit PAYMENT-SIGNATURE. Existing clients can use the direct route; the reviewed Payan SDK recipe is the primary guided path. The two collapsed curl probes only return an HTTP 402 challenge and never pay.
Verify the result before paying
The versioned before/after case study contains both frozen HTTP representations, two complete reports, every 22-check, seven-finding, and five-remediation delta, a deterministic root-replacement patch, and SHA-256 integrity bindings. The fixed seller-controlled fixture moves from 69/D to 95/A while retaining the honest HSTS failure. This immutable v1 artifact proves the original base served-HTML replay only; it predates and does not prove v1.1 root-file observation. It is not a paid customer result or an independent attestation, and makes no ranking, citation, traffic, conversion, or revenue promise.
The free sample report and live methodology show the current v1.1 production contract for the fixed public target example.com: all 22 checks, three bounded root-file observations, seven AEO/GEO/agent-discovery findings, five remediation artifacts, bounded HTTP/TLS evidence, dossier ID, body SHA-256, root-evidence SHA-256, and report SHA-256. The sample is refreshed by the same runtime and contains no shortened demo fields.
The free eligibility check is the pre-payment safety gate for both paid paths. It is not an audit preview and does not weaken the paid 22-check, three-root-observation, seven-finding, five-remediation contract.
Payment contract: exact x402 on Base (eip155:8453), 5.000000 canonical USDC at 0x8335…2913, paid to 0xb0Bb…e92c.
What the report checks
Authenticated HTTPS and final status; HSTS, CSP, nosniff, frame, referrer, and permissions policies; title, description, canonical, robots, language, H1, Open Graph, and JSON-LD; image alt attributes, form labels, heading order, main landmark, and skip link. The additive AI-discovery section maps those observations to answer identity, citation structure, page indexability, and machine-readable identity.
This is release evidence, not a ranking promise, full SEO, WCAG, penetration, compliance, or legal audit. It does not render JavaScript. AEO/GEO have no universal certification standard. Root files use separate 64/128/256 KiB caps; redirects and links are never followed, bodies are never returned, and failures remain explicitly unknown rather than blocking the HTML report.
Redirects may cross origins only after the same public-DNS, TLS, and pinned-IP validation is repeated. The dossier ID is stable for the same requested URL, final URL, response body, allowlisted headers, and normalized root-evidence digest.
Reproducible before/after proof · Live fixed check catalog, scoring, and fail-closed rules · Live production sample