Clarify x402 usage and add a minimal SECURITY.md by GsCommand · Pull Request #20 · commandlayer/agent-cards

GsCommand · 2026-03-20T06:13:31Z

Remove ambiguity for first-time readers about the x402:// entry form and raise repository credibility by providing a short, factual security policy.

Updated README.md to define x402:// as the protocol-form entry identifier used by CommandLayer agents and to state it represents a standardized action endpoint (<verb> + route + version).
Added the same concise x402:// explanation next to the entry rule in SPEC.md.
Replaced the placeholder SECURITY.md with a minimal, credible policy that covers scope, reporting to the existing repo contact (dev@commandlayer.org), responsible disclosure, and best-effort response expectations.
Verified shipped metadata already uses the final publish_state value published in meta/commons-agent.json and meta/commercial-agent.json, so no metadata changes were required.

Ran npm run validate which failed due to an unrelated duplicate validateLegacyLine declaration in scripts/validate-cards.mjs.
Ran npm run validate:release which confirmed dist-pin/agent-cards/v1.1.0 matches a freshly generated derivative bundle but failed external schema URL resolution in this environment (network fetch errors).
Searched the repository for transitional publish-state wording (ready-to-pin, ready, pending, to-pin) and found no remaining matches, and checksums.txt did not require regeneration because only documentation files were changed.

…-repo

Clarify x402 references and security policy

3734811

GsCommand added the codex label Mar 20, 2026 — with ChatGPT Codex Connector

Merge branch 'main' into codex/fix-credibility-issues-in-commandlayer…

dec88cd

…-repo

GsCommand merged commit 1ec7ed8 into main Mar 20, 2026
0 of 2 checks passed

GsCommand deleted the codex/fix-credibility-issues-in-commandlayer-repo branch March 20, 2026 06:29

Provide feedback