🧪 ReppS — Reviewer Test Guide

OKX.AI Genesis Hackathon 2026 · Agent #5527 · For marketplace reviewers

All endpoints below are public and free to test. The ?test=1 flag on paid endpoints is a hackathon-only review aid — it lets you test the full paid flow without a real wallet. Set REJECT_TEST_BYPASS=1 in production to disable.

0. Connectivity (10 sec)

Sanity check

curl https://repps.xyz/health

Expect: status: ok, network: eip155:196, asset: USDT0, uptime_seconds growing.

1. x402 v2 spec compliance (30 sec)

Verify the 402 challenge format

curl -i -X POST https://repps.xyz/api/challenge \
  -H "Content-Type: application/json" \
  -d '{"action_type":"swap","params":{"token_out":"MEME","slippage_pct":12,"pool_liquidity_usd":8000},"context":{"agent_id":"reviewer"}}'

Expect: HTTP 402 with PAYMENT-REQUIRED header (base64) and JSON body containing x402Version: 2, accepts[0].network: "eip155:196", accepts[0].amount: "10000" (= 0.01 USDT), accepts[0].payTo (an X Layer address), accepts[0].extra.name: "USD₮0".

Check the manifest

curl https://repps.xyz/.well-known/x402

Expect: 4 services listed (quick_check, challenge, bundle, audit), x402 v2 spec, valid receive address.

2. Free tier (no payment needed)

Test the free quick_check

curl -X POST https://repps.xyz/api/quick_check \
  -H "Content-Type: application/json" \
  -d '{"action_type":"swap","params":{"token_out":"MEME","slippage_pct":12,"pool_liquidity_usd":8000},"context":{"agent_id":"reviewer"}}'

Expect: verdict: REVIEW or ABORT, top_risk mentioning slippage, free_remaining_today: 2 (decrements per call).

3. Paid flow — test bypass

Test the full paid flow without a wallet

curl -X POST "https://repps.xyz/api/challenge?test=1" \
  -H "Content-Type: application/json" \
  -d '{"action_type":"swap","params":{"token_out":"MEME","slippage_pct":12,"pool_liquidity_usd":8000},"context":{"agent_id":"reviewer"}}'

Expect: HTTP 200 with full review (verdict, confidence, risks, alternatives, adversarial_questions, reasoning). Response will include test_bypass: true to mark that payment was bypassed for testing.

Test the bundle endpoint

curl -X POST "https://repps.xyz/api/bundle?test=1" \
  -H "Content-Type: application/json" \
  -d '{"action_type":"swap","params":{"token_out":"MEME","slippage_pct":12,"pool_liquidity_usd":8000},"context":{"agent_id":"reviewer"}}'

Expect: 5 review results (different framings) + consensus summary.

Test the audit endpoint

curl -X POST "https://repps.xyz/api/audit?test=1" \
  -H "Content-Type: application/json" \
  -d '{"format":"soc2-lite","agent_id":"reviewer"}'

Expect: audit_id, format, entries array, count.

4. Real payment flow (with a test receipt)

Generate a test receipt

RECEIPT=$(curl -s https://repps.xyz/api/test/receipt?tool=challenge | python3 -c "import json,sys; print(json.load(sys.stdin)['receipt_b64'])")
echo "$RECEIPT" | head -c 80; echo "..."

Use the receipt to call the paid endpoint

curl -X POST https://repps.xyz/api/challenge \
  -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: $RECEIPT" \
  -d '{"action_type":"swap","params":{"token_out":"MEME","slippage_pct":12,"pool_liquidity_usd":8000},"context":{"agent_id":"reviewer"}}'

Expect: HTTP 200 with full review, paid: true, receipt_verified: true.

5. Edge cases worth testing

Burn address (should ABORT)

curl -X POST "https://repps.xyz/api/quick_check" \
  -H "Content-Type: application/json" \
  -d '{"action_type":"send","params":{"to":"0x0000000000000000000000000000000000000000","amount":"100","asset":"USDT"},"context":{}}'

Scam message (should REVIEW/ABORT)

curl -X POST "https://repps.xyz/api/quick_check" \
  -H "Content-Type: application/json" \
  -d '{"action_type":"message","params":{"to":"@user","body":"wire me via western union","channel":"dm"},"context":{}}'

Unaudited contract deploy (should REVIEW/ABORT)

curl -X POST "https://repps.xyz/api/quick_check" \
  -H "Content-Type: application/json" \
  -d '{"action_type":"deploy","params":{"bytecode":"0x6080604052"},"context":{}}'

All checks pass in < 2 seconds. ReppS works without a wallet (free tier + test bypass), with a wallet (real x402), and gracefully errors on bad input (400 / 402 / 404 / 429 all return clean JSON).

Questions? Open an issue at github.com/ademidun69/repps.