AI agents that pay for resources via the x402 protocol embed payment metadata - resource URLs, descriptions, and reason strings - in every HTTP payment request. This metadata is transmitted to the payment server and to the centralised facilitator API before any on-chain settlement occurs; neither party is typically bound by a data processing agreement. We present presidio-hardened-x402, the first open-source middleware that intercepts x402 payment requests before transmission to detect and redact personally identifiable information (PII), enforce declarative spending policies, and block duplicate replay attempts. To evaluate the PII filter, we construct a labeled synthetic corpus of 2,000 x402 metadata triples spanning seven use-case categories, and run a 42-configuration precision/recall sweep across two detection modes (regex, NLP) and five confidence thresholds. The recommended configuration (mode=nlp, min_score=0.4, all entity types) achieves micro-F1 = 0.894 with precision 0.972, at a p99 latency of 5.73ms - well within the 50ms overhead budget. The middleware, corpus, and all experiment code are publicly available at https://github.com/presidio-v/presidio-hardened-x402.

翻译：通过x402协议支付资源的AI智能体在每个HTTP支付请求中嵌入支付元数据——资源URL、描述及理由字符串。这些元数据在链上结算完成前便传输至支付服务器及中心化辅助API；且双方通常不受数据处理协议约束。我们提出presidio-hardened-x402——首个在传输前拦截x402支付请求的开源中间件，用于检测并编辑个人身份信息（PII）、执行声明性支出策略及阻止重复重放攻击。为评估PII过滤器，我们构建了一个覆盖7种用例类别的2000条x402元数据三元组标注合成语料库，并在两种检测模式（正则表达式、自然语言处理）与五个置信度阈值下运行42种配置的精确率/召回率扫描。推荐配置（mode=nlp, min_score=0.4, 全部实体类型）实现微平均F1=0.894，精确率0.972，p99延迟5.73ms——完全在50ms开销预算内。该中间件、语料库及所有实验代码均公开于https://github.com/presidio-v/presidio-hardened-x402。