How to Monitor Watched Wallets in Production

Screening tells you what a wallet looks like right now. Monitoring tells you when that answer changes. That is the difference between a one-time lookup and something you can actually operate in production.

Once a wallet matters to your workflow, you usually want more than a one-off score. You want to know if the score drops, if a new sybil flag appears, if a watched wallet enters a forensics watchlist, or if risk changes after a payout or route decision.

The Shipped Pattern

AgentScore exposes two layers for this:

POST /v1/webhooks for wallet-scoped webhook delivery
POST /v1/monitor for managed monitoring subscriptions built on those webhooks

That means you do not have to invent your own event taxonomy first. You can start from a preset and wire the output into Slack, incident tooling, or your own risk queue.

What You Can Watch For

The shipped event set already covers the core operational cases:

Score changes: updates, expiry, threshold crossings
Forensics changes: reported incidents, disputes, risk transitions, watchlist entry or removal
Anomalies: score drops, score spikes, balance freefalls, new sybil flags

The Fastest Way To Start

Use a preset with an API key:

curl -X POST https://djdagentscore.dev/v1/monitor   -H "Authorization: Bearer djd_live_..."   -H "Content-Type: application/json"   -d '{
    "url": "https://yourapp.com/webhooks/agentscore",
    "policy_type": "anomaly_monitoring",
    "target_wallet": "0x1234..."
  }'

If you omit target_wallet, the subscriber wallet tied to the API key becomes the watched wallet by default.

The Useful Presets

score_monitoring for score refreshes and threshold crossings
forensics_monitoring for incidents, disputes, and watchlist changes
forensics_watchlist for watchlist and risk-state movement
anomaly_monitoring for shocks, freefalls, and new sybil flags

That is enough to cover most production needs without building a custom rules engine first.

Why Monitoring Matters

The core operational truth is simple: a wallet that looked fine last week may not look fine today. If your app pays, routes, or reuses that wallet repeatedly, screening once is not enough.

Monitoring is how you turn wallet risk from a lookup into an operating system.

Good First Use Cases

Watched payout wallets: alert if their score drops or a new anomaly appears
Repeat x402 counterparties: flag if a once-safe payer moves into review or block territory
High-value counterparties: watch for forensics incidents or risk-level changes

Start with one preset, one watched wallet, and one webhook endpoint.

Open Docs

Monitoring is the layer that makes recurring wallet decisions tractable in production. Screening gets you the first answer. Alerts help you keep that answer current.