{"status":"not-supported-in-public-mvp","activeStorageEndpoint":false,"paid":false,"description":"Action402 public MVP does not store target-side secrets. Agents should use target-owned webhooks, short-lived per-request headers, or partner deployments.","why":"Universal paid execution is accountless. Storing long-lived third-party credentials would require authentication, ownership checks, encryption lifecycle, rotation, and abuse controls.","safeAlternatives":["Use target-owned webhook URLs where the secret stays on the target side.","Send short-lived target authorization headers only inside the paid request when the caller owns them.","Use /api/policy/check before payment to validate target safety without revealing long-lived credentials.","For private partner use, deploy a dedicated allowlisted Action402 instance with a managed secret vault."],"neverSend":["wallet private keys","seed phrases","long-lived admin tokens","database URLs","unscoped production credentials"],"futureShape":{"method":"POST","path":"/api/secrets","status":"requires account/auth design before activation"},"links":{"page":"https://action402.vercel.app/secrets","policy":"https://action402.vercel.app/api/secrets/policy","policyCheck":"https://action402.vercel.app/api/policy/check","onboarding":"https://action402.vercel.app/onboarding"}}