Add Byte Protocol to ecosystem

[0rkz]

Adds Byte Protocol to the ecosystem directory under Services/Endpoints.

Byte Protocol is a per-byte data marketplace for AI agents on Arbitrum — agents
pay publishers in USDC per byte via x402, with no API keys or accounts. Each
publisher stakes reputation that is slashed on-chain for bad data, so feed
quality is economically enforced.

• Website: https://www.payperbyte.io
• x402 payments via the Byte x402 gateway + facilitator

This PR adds two files:

• typescript/site/app/ecosystem/partners-data/byte-protocol/metadata.json
• typescript/site/public/logos/byte-protocol.png (161×168 transparent PNG)

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 1 Sum 2

[TateLyman]

Ran a no-payment external pass against the public Byte Protocol surfaces linked from this PR. Scope was only the public site/docs/npm/OpenAPI/indexer surfaces; I did not send payment headers, wallet signatures, private keys, contract writes, or paid calls.

Repro:

npx --yes x402-surface-check@latest https://www.payperbyte.io/.well-known/x402 \
  --origin https://www.payperbyte.io --limit 6

npm view byte-mcp-server version dist-tags time --json
curl -i https://feeds.payperbyte.io/health
curl -i https://feeds.payperbyte.io/publishers
curl -i https://api.payperbyte.io/publishers
curl -i https://fact-oracle.payperbyte.io/openapi.json

What looks good:

• The indexer is live: feeds.payperbyte.io/health returns synced state, and /publishers exposes active publisher/message/revenue metadata.
• The fact-oracle OpenAPI is public at https://fact-oracle.payperbyte.io/openapi.json, including a concrete /query route, dynamic byte-cost guidance, and Byte on-chain payment metadata.
• A no-signature POST /query returns a structured 401 explaining the required EIP-712 fields/domain instead of trying to execute work.

Patch notes before/after listing:

• P1: byte-mcp-server GitHub metadata is now 0.7.0, and the README says 0.7.0 is needed because 0.6.x keeps talking to paused v0.5 contracts. npm still serves byte-mcp-server@0.6.0 as latest, so npx -y byte-mcp-server appears to install the stale client path.
• P1: https://www.payperbyte.io/.well-known/x402 returns 404, so canonical x402 crawlers do not have a machine-readable paid-resource map from the website.
• P1/P2: the PR copy says Arbitrum/x402 with no accounts, while the live site/footer/docs/OpenAPI are still clearly Arbitrum Sepolia/testnet and "launch pending". If the listing is intentionally testnet, I would make that explicit in the ecosystem description.
• P2: onboarding docs point to api.payperbyte.io/publisher/..., but sampled publisher endpoints worked under feeds.payperbyte.io; api.payperbyte.io/publishers and /publisher/... returned 404.
• P2: browser preflight for https://fact-oracle.payperbyte.io/query returns 200/Allow: OPTIONS, POST, but the sampled response did not expose Access-Control-Allow-Origin / Access-Control-Allow-Headers, so direct browser-agent calls may not work from the marketplace or partner origins.

[0rkz]

Thanks for the careful pass, @TateLyman — the scoped, no-payment methodology and the repro block made every one of these trivial to action. All five are now fixed; the same repro block will confirm.

P1 — npx byte-mcp-server on the stale path: byte-mcp-server@0.7.0 is published to npm and is now the latest tag — npm view byte-mcp-server version returns 0.7.0. npx -y byte-mcp-server no longer pulls the 0.6.x client wired to the paused v0.5 contracts.

P1 — /.well-known/x402 404: https://www.payperbyte.io/.well-known/x402 now returns 200 with a machine-readable paid-resource map (served as application/json), pointing crawlers at the x402 gateway feeds and OpenAPI.

P1/P2 — testnet clarity: Correct call, and intentional — this is a testnet listing. The ecosystem metadata.json description in this PR now states it explicitly: "Currently live on Arbitrum Sepolia testnet; mainnet launch pending." The site/footer/docs/OpenAPI were already accurate; the PR copy now matches them.

P2 — publisher endpoint: api.payperbyte.io/publishers and /publisher/<address> are now live routes returning the publisher directory, so those paths resolve instead of 404ing. feeds.payperbyte.io/publishers continues to serve the indexer view.

P2 — fact-oracle CORS: the /query preflight now returns Access-Control-Allow-Origin, -Methods and -Headers, so browser-agent calls work from marketplace and partner origins. The same fix is applied to our two other oracle /query endpoints.

Appreciate the review — exactly the kind that's useful to act on. Happy to dig into anything else you spot.

[TateLyman]

Rechecked after your patch. The first-pass items I flagged look materially improved:

• byte-mcp-server now serves 0.7.0 as latest.
• https://www.payperbyte.io/.well-known/x402 now returns 200 JSON.
• the discovery copy now clearly says Arbitrum Sepolia/testnet and mainnet pending.
• https://api.payperbyte.io/publishers now resolves.
• the direct fact-oracle path now gives browser-readable CORS and a structured EIP-712 signature-required response.

I did find one follow-up drift on the newly listed x402.payperbyte.io gateway surface: the branded well-known/OpenAPI now describe the gateway feed routes as x402-paid and say unauthenticated calls return 402, but sampled gateway routes are currently returning 200 feed data or 400 validation before a payment challenge. I sent the exact route-level notes privately rather than putting a revenue-impacting gateway detail directly in the PR thread.

Still no payment headers, signatures, private keys, account access, contract writes, or paid calls used.