MPP-I is currently a protocol paper and early public specification repository.
If you find a security issue in the protocol design, examples, schemas, or future libraries, please email:
For non-sensitive protocol questions, open a GitHub Discussion or Issue.
In scope:
- protocol accounting issues,
- payment-state binding issues,
- replay or double-settlement risks,
- privacy leaks in payment/control-plane design,
- unsafe future schemas or examples.
Out of scope:
- issues in third-party payment systems,
- issues in unrelated MPP or x402 implementations,
- legal, compliance, tax, or regulatory advice.