Add Tessera — credit identity layer for AI agents on Base

[cmxdev1]

What this adds

A new entry under Ecosystem Projects → Infrastructure for Tessera — a public credit identity protocol on Base mainnet for AI agents.

Why it fits

Tessera ships two paid x402 endpoints on Base mainnet, both verifiable today via curl:

GET /api/x402/score/[address]    $0.001 USDC
GET /api/x402/agent/[address]    $0.002 USDC

Both implement the standard x402 flow:

• HTTP 402 Payment Required on unauthenticated requests
• accepts[] with scheme: "exact", network: "base", asset: USDC, EIP-3009 TransferWithAuthorization
• Settlement via Coinbase's hosted facilitator on Base mainnet (@coinbase/x402)
• withX402 middleware from x402-next — settles only after successful (status<400) responses

What's unique about Tessera

The data behind the paid endpoints is itself a public good: Tessera Score is a deterministic 0–100 credit score computed from on-chain activity via a published formula. No ML, no proprietary model. Anyone can reproduce a wallet's score from public chain data.

That makes Tessera the credit identity layer for the x402 economy — agents pay other agents over x402, and Tessera scores them on the resulting on-chain activity. The paid endpoints are how x402-native integrators consume the score without leaving the protocol.

Verification

The endpoint is live now. To verify the 402 response shape:

curl https://www.tesseracredit.com/api/x402/score/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045

Returns:

{
  "x402Version": 1,
  "accepts": [{
    "scheme": "exact",
    "network": "base",
    "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
    "payTo": "0x4EAd87Fa68394a9341DB8C5fB079158F9978Cd52",
    "maxAmountRequired": "1000",
    ...
  }]
}

Links

• Site: https://www.tesseracredit.com
• x402 docs: https://www.tesseracredit.com/docs#x402-payments
• SDK: https://github.com/cmxdev1/Tessera/tree/main/sdk
• Free variant: GET /api/score/[address] for SDK consumers

[TateLyman]

Ran a no-payment external pass against the public surfaces listed in this PR. No payment headers were sent and no paid calls were attempted.

Repro:

npx --yes x402-surface-check@latest --endpoint --method GET \
  https://www.tesseracredit.com/api/x402/score/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 \
  --origin https://www.tesseracredit.com

npx --yes x402-surface-check@latest --endpoint --method GET \
  https://www.tesseracredit.com/api/x402/agent/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 \
  --origin https://www.tesseracredit.com

curl -i https://www.tesseracredit.com/.well-known/x402.json
curl -i https://www.tesseracredit.com/llms.txt

What looks good:

• The docs/site are public and the PR names concrete x402 routes, prices, Base USDC, facilitator, and payee details.
• The product surface is clearly in the agent-credit / x402 identity lane, so it fits the registry category once the live route evidence lines up.

Patch notes before merge:

• P1: both advertised paid routes currently return 404 HTML on the listed host, not a structured 402 challenge: /api/x402/score/{address} and /api/x402/agent/{address}.
• P2: canonical discovery aliases are missing on the listed host: /.well-known/x402, /.well-known/x402.json, /.well-known/agent.json, /llms.txt, and /agents.md return 404 HTML.
• P2: the page metadata points to tessera.fi, but sampled tessera.fi API/discovery URLs timed out from this external pass. If tessera.fi is the canonical API host, the PR should list that and it should respond consistently.
• P3: the sampled 404s are cacheable (public, max-age=0, must-revalidate). Once the x402 routes are live, make sure 402/payment challenges use private, no-store and expose payment headers for browser-agent clients.

I would re-run after the deployment/host mapping is corrected; right now the PR evidence and live no-payment behavior are out of sync.