The Agentic Commerce Stack: Trust + Payments + Composability (and the Risks)
Three things happened recently that finally made me think the autonomous agentic economy might actually be here soon.
First: Cloudflare shipped production tooling (and templates) for Coinbase’s x402 protocol, which repurposes HTTP 402 as a machine-readable paywall.
Second: ERC-8004 is live on testnet with a January 16th target for mainnet deployment.
Third: @xportalai got an agent to pay its way through a paywall using x402, then registered itself onchain.
Individually, these are interesting. Together, they show something clicking into place: agents can now discover one another, verify reputations, and pay for access without a human in the loop.
If that’s true, it changes what the web is for.
Payments: x402 proven use-cases are adding up
x402 has been in production for months now, and the onchain volume has sparked a narrative too large to go away. Now we are starting to see it pop up in “Web 2.”
HTTP 402 has existed since 1997. It’s reserved for future use in the HTTP spec, which is why it sat unused.
Until now.
From Cloudflare’s x402 post:
“We’re excited to help dust off… HTTP response code 402.”
Cloudflare’s framing of the 402 integration is this: if you want to charge per crawl, per API call, or per tool invocation, you need a way to say “pay me” at the request layer, not in some separate billing system.
The flow is straightforward:
Agent requests → server returns 402 + payment requirements → agent retries with payment authorization/proof → server verifies (often via a payment facilitator) → server returns content + receipt.
The key is that payment becomes part of the HTTP handshake, like a redirect or an auth challenge. No separate invoicing, no monthly subscription, no human approving budgets.
Just: request → price → pay → access.
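The handshake above, simulated end to end as an added example (this is not Cloudflare’s, Coinbase’s or the x402 project’s code). The header names, the JSON requirement fields, the in-process “facilitator” and the HMAC standing in for a wallet signature are all constructed assumptions; a real facilitator checks a wallet signature and onchain USDC settlement instead. The checks a server operator cares about are the ones that survive the simplification: the proof must match the challenge that was issued, a valid proof must not be accepted twice, and the agent must apply its own budget before it signs anything.

```python
"""Simulated x402-style HTTP 402 handshake: challenge, pay, verify, receipt.

Added example, not x402's own code. Field names, header names and the HMAC
"signature" are constructed stand-ins for a wallet signature and onchain settlement.
"""
import hashlib
import hmac
import json
import secrets
import time
from decimal import Decimal

REQUIRED = ("asset", "amount", "pay_to", "nonce", "expires")
AGENT_WALLET_KEY = b"constructed-demo-wallet-key"   # stand-in for the agent's wallet key


def canonical(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, auth: dict) -> str:
    """HMAC over the canonical authorization; stands in for a wallet signature."""
    return hmac.new(key, canonical(auth), hashlib.sha256).hexdigest()


class PaywalledServer:
    """Resource server with an in-process facilitator (one class for brevity)."""

    def __init__(self, price="0.01", pay_to="0xPAYEE_PLACEHOLDER"):
        self.price, self.pay_to = price, pay_to
        self.payer_keys = {"agent-1": AGENT_WALLET_KEY}   # facilitator's view of known payers
        self.open = {}          # nonce -> requirements issued but not yet settled
        self.used = set()       # settled nonces: a valid proof must never be accepted twice

    def handle(self, request: dict) -> dict:
        proof = request.get("headers", {}).get("X-PAYMENT")
        return self._challenge() if proof is None else self._settle(proof)

    def _challenge(self) -> dict:
        now = int(time.time())
        self.open = {n: r for n, r in self.open.items() if r["expires"] > now}  # drop stale ones
        req = {"asset": "USDC", "amount": self.price, "pay_to": self.pay_to,
               "nonce": secrets.token_hex(8), "expires": now + 60}
        self.open[req["nonce"]] = req
        return {"status": 402, "headers": {}, "body": req}

    def _reject(self, why: str) -> dict:
        return {"status": 402, "headers": {}, "body": f"payment rejected: {why}"}

    def _settle(self, proof_hdr: str) -> dict:
        try:
            proof = json.loads(proof_hdr)
            auth, sig, nonce = proof["authorization"], proof["signature"], proof["authorization"]["nonce"]
        except (ValueError, KeyError, TypeError):
            return {"status": 400, "headers": {}, "body": "malformed X-PAYMENT header"}
        if nonce in self.used:
            return self._reject("proof already used (replay)")
        expected = self.open.get(nonce)
        if expected is None:
            return self._reject("unknown challenge nonce")
        if any(auth.get(k) != expected[k] for k in REQUIRED):   # must authorize exactly what we asked
            return self._reject("authorization does not match requirements")
        if time.time() > expected["expires"]:
            return self._reject("challenge expired")
        key = self.payer_keys.get(auth.get("payer"))
        if key is None or not hmac.compare_digest(sign(key, auth), sig):
            return self._reject("signature not valid for payer")
        self.used.add(nonce)
        del self.open[nonce]
        receipt = hashlib.sha256(canonical(auth)).hexdigest()
        return {"status": 200, "headers": {"X-PAYMENT-RECEIPT": receipt}, "body": "paid content"}


class Agent:
    def __init__(self, payer_id: str, wallet_key: bytes, max_price: Decimal):
        self.payer_id, self.key, self.max_price = payer_id, wallet_key, max_price
        self.last_proof = None

    def fetch(self, server: PaywalledServer, path: str) -> dict:
        resp = server.handle({"path": path, "headers": {}})
        if resp["status"] != 402:
            return resp
        req = resp["body"]
        if req["asset"] != "USDC" or Decimal(req["amount"]) > self.max_price:  # budget check first
            return {"status": 402, "headers": {}, "body": "refused: price above budget"}
        auth = {k: req[k] for k in REQUIRED}
        auth["payer"] = self.payer_id
        self.last_proof = json.dumps({"authorization": auth, "signature": sign(self.key, auth)})
        return server.handle({"path": path, "headers": {"X-PAYMENT": self.last_proof}})


def demo() -> dict:
    """Constructed scenario: one good payment, then a replay, a budget refusal and a tampered amount."""
    server = PaywalledServer()
    agent = Agent("agent-1", AGENT_WALLET_KEY, Decimal("0.05"))
    first = agent.fetch(server, "/data")
    replay = server.handle({"path": "/data", "headers": {"X-PAYMENT": agent.last_proof}})
    refused = Agent("agent-1", AGENT_WALLET_KEY, Decimal("0.001")).fetch(server, "/data")
    challenge = server.handle({"path": "/data", "headers": {}})["body"]
    auth = {k: challenge[k] for k in REQUIRED}
    auth.update(payer="agent-1", amount="0.00")        # correctly signed, but not what was asked for
    tampered_proof = json.dumps({"authorization": auth, "signature": sign(AGENT_WALLET_KEY, auth)})
    tampered = server.handle({"path": "/data", "headers": {"X-PAYMENT": tampered_proof}})
    return {"first": first["status"], "receipt": first["headers"].get("X-PAYMENT-RECEIPT"),
            "replay": replay["status"], "refused": refused["status"],
            "tampered": tampered["status"], "tampered_reason": tampered["body"]}


if __name__ == "__main__":
    print(demo())
```

The order of checks in `_settle` is deliberate: the cheap replay and nonce lookups run before the signature check, and the server compares the signed authorization against the requirements it issued rather than trusting whatever amount the agent chose to sign.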
Cloudflare’s Pay-Per-Crawl uses 402 in production with Cloudflare billing; x402 generalizes the 402 handshake, so other implementations can plug in different settlement rails.
What x402 adds is the protocol layer. So this isn’t just a Cloudflare feature; it’s a standard that any server can implement, including deferred or batched settlement for enterprise use cases.
I’m skeptical that pay-per-crawl will catch on in the near term (most sites don’t care about crawler revenue). But for APIs, tool access, and data endpoints? This could actually matter.
Especially if it is paired with identity.
Identity: ERC-8004 as the “who” layer
The core problem is simple: if an agent finds another agent via API, how does it know whether to trust it?
ACP, MCP, and A2A solve communication, but they don’t solve discovery + trust across organizational boundaries. You still need a human to vet the agent, configure the endpoint, and manage the relationship.
ERC-8004 tries to make that automatic. From the EIP:
“discover, choose, and interact with agents across organizational boundaries without pre-existing trust.”
The design is deliberately minimal. These are the three registries:
Identity: Who is this agent? (onchain record)
Reputation: What happened when others used it? (verifiable history)
Validation: Can a third party verify its work? (audit trail)
That’s it. No platform lock-in, no token required, no proprietary runtime. Just a substrate other systems can build on.
@VittoStack’s summary calls this the “trust rail.” It’s not trying to be the agent economy. It’s trying to be the layer that makes markets possible.
The v1.0 update makes identity an ERC-721 NFT with a tokenURI pointing to a registration file. Simple, but important: identities become portable (you can move them between wallets), indexable (any app can query them), and composable (other protocols can build on top without permission).
Does this actually work? The testnet launch is new, but the design feels right: minimal, open, not trying to own everything.
And the @xportal demo suggests it might actually compose with the other piece: payments.
Composability: the xportal proof-of-concept
Here’s where it gets interesting.
The @xportalai team posted this:
“We just successfully gated an ERC-8004 registration behind an x402 payment wall… Server returns HTTP 402… Agent pays USDC… server executes the registration.”
Why does this matter? Because it proves the stack can form a loop:
Agent needs identity → ERC-8004 registration
Registration is gated → HTTP 402 paywall
Agent pays → USDC transfer
Server verifies payment → Executes registration
Agent now has onchain identity → Can build reputation
This isn’t just two protocols existing. It’s them composing into a workflow that lets an agent bootstrap itself from nothing to “onchain participant” without human intervention.
That’s new.
And if it works by agents discovering endpoints, paying for access, registering identities, and automatically accumulating reputation, then you have the building blocks for actual agent-to-agent commerce.
Not “agents talking to each other” (we have that). Agents transacting.
What this breaks: the free-by-default web
The current web operates on a few assumptions:
Crawling is free (Google, scrapers, LLMs all assume this)
Monetization happens via ads or subscriptions
APIs charge monthly/annually, not per-request (generally)
Humans approve budgets and integrations
The agent web inverts all of this:
Access is metered by default
Pricing is machine-readable (x402 responses include cost)
Agents have budgets and decide what to spend on
Integration happens programmatically (register, pay, transact)
Cloudflare spells this out pretty explicitly in their pay-per-crawl post:
“Content for crawlers today, agents tomorrow… give that agent a budget to spend to acquire the best… content.”
I think this is directionally right, but the transition will be messy. Most content isn’t worth paying for. Most agents won’t have budgets. Most sites won’t implement HTTP 402.
But high-value APIs with valuable data, compute, and specialized tools might actually adopt this. And that’s enough to start.
The web doesn’t need to be fully metered. It just needs some parts metered so agents have a way to pay for what matters.
The physical version: robots + payments + coordination
@Khalaresearch’s “DeRobotics” framing is basically: once you have identity and payment for software agents, the same rails apply to physical agents.
Their recent report defines DeRobotics as the intersection of:
Robotics (physical agents)
Blockchain (identity + payments)
Agentic protocols (x402, ACP, A2A)
The pitch is that robots will need to pay for positioning data, mapping services, compute, task markets, and verification, just like software agents pay for API access.
Although we haven’t even proven that fully autonomous agents work yet, the architecture makes sense. If a delivery robot needs real-time SLAM data from a third-party service, why wouldn’t it use the same pay-per-request model?
The web version is “pay-per-crawl.” The physical version is “pay-per-localization” or “pay-per-task.”
Same primitives. Different substrate.
Whether Khala’s specific bets are right, the pattern feels inevitable: if agents become real economic actors, they’ll need these rails in physical space too.
The risks: new attack surfaces
Two things worry me.
First: reputation laundering.
If identity is an ERC-721, it’s transferable. That’s a feature (you can move your agent to a new wallet, change operators, etc.). But it also means: you can buy a high-reputation agent identity.
Imagine a scam agent racks up good reviews doing simple tasks, then gets sold to someone who uses it for fraud. The new operator inherits the reputation.
ERC-8004 will need strong norms (or mechanisms) around operator changes. Maybe reputation should decay on transfer. Maybe there’s a “change of control” flag that resets certain scores. We don’t know the right answer, but this feels like an obvious exploit vector.
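A toy model of the three registries from the “who” section (identity, reputation, validation) together with the two mitigations floated above: reputation that decays on transfer, and a change-of-control flag that a counterparty can check before hiring an agent. This is an added example, not ERC-8004’s contract code; the in-memory registry shapes, the 1..5 feedback scale, the neutral prior and the per-transfer decay factor are assumptions chosen to illustrate the idea, not anything the EIP specifies.

```python
"""Toy model of ERC-8004-style registries with a change-of-control rule.

Added example, not ERC-8004 code. Registry shapes, the feedback scale, the neutral
prior and the decay factor are constructed assumptions.
"""
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Feedback:
    client: str
    score: int     # constructed 1..5 scale
    epoch: int     # control epoch in which the feedback was given


class AgentRegistry:
    def __init__(self, transfer_decay=Fraction(1, 4), prior=Fraction(3), prior_weight=Fraction(2)):
        self.transfer_decay = transfer_decay                 # weight feedback keeps per control change
        self.prior, self.prior_weight = prior, prior_weight  # neutral score a fresh identity starts at
        self.owner, self.epoch = {}, {}                      # identity registry: id -> owner, id -> epoch
        self.feedback = {}                                   # reputation registry: id -> [Feedback]
        self.validations = {}                                # validation registry: id -> [(task, validator, ok)]
        self.control_log = []                                # audit trail of ownership changes

    def register(self, agent_id: str, owner: str) -> None:
        if agent_id in self.owner:
            raise ValueError(f"{agent_id} already registered")
        self.owner[agent_id], self.epoch[agent_id] = owner, 0
        self.feedback[agent_id], self.validations[agent_id] = [], []

    def transfer(self, agent_id: str, sender: str, new_owner: str) -> None:
        """Transfers stay allowed (the identity is portable) but bump the control epoch and are logged."""
        if self.owner.get(agent_id) != sender:
            raise PermissionError("only the current owner may transfer")
        self.epoch[agent_id] += 1
        self.control_log.append((agent_id, sender, new_owner, self.epoch[agent_id]))
        self.owner[agent_id] = new_owner

    def give_feedback(self, agent_id: str, client: str, score: int) -> None:
        if not 1 <= score <= 5:
            raise ValueError("score must be 1..5")
        self.feedback[agent_id].append(Feedback(client, score, self.epoch[agent_id]))

    def record_validation(self, agent_id: str, task: str, validator: str, ok: bool) -> None:
        self.validations[agent_id].append((task, validator, ok))

    def reputation(self, agent_id: str) -> Fraction:
        """Prior-weighted mean; feedback from earlier control epochs is discounted by decay^(epochs since)."""
        current = self.epoch[agent_id]
        num, den = self.prior * self.prior_weight, self.prior_weight
        for fb in self.feedback[agent_id]:
            w = self.transfer_decay ** (current - fb.epoch)
            num, den = num + w * fb.score, den + w
        return num / den

    def validation_rate(self, agent_id: str) -> Fraction:
        vals = self.validations[agent_id]
        return Fraction(sum(1 for _, _, ok in vals if ok), len(vals)) if vals else Fraction(0)

    def trust_decision(self, agent_id: str, min_score: Fraction, max_control_changes: int = 0):
        """What a counterparty checks before hiring: the change-of-control flag, then the score."""
        if self.epoch[agent_id] > max_control_changes:
            return False, f"control changed {self.epoch[agent_id]} time(s); re-vet the operator"
        score = self.reputation(agent_id)
        if score < min_score:
            return False, f"score {float(score):.2f} below {float(min_score):.2f}"
        return True, f"score {float(score):.2f}, validations passed {float(self.validation_rate(agent_id)):.0%}"


def demo() -> dict:
    """Constructed scenario from the post: a well-reviewed identity is sold to a new operator."""
    reg = AgentRegistry()
    reg.register("agent-7", "0xALICE_PLACEHOLDER")
    for i in range(5):
        reg.give_feedback("agent-7", f"client-{i}", 5)
        reg.record_validation("agent-7", f"task-{i}", "validator-A", True)
    before = reg.reputation("agent-7")
    trusted_before = reg.trust_decision("agent-7", Fraction(4))
    reg.transfer("agent-7", "0xALICE_PLACEHOLDER", "0xBOB_PLACEHOLDER")
    after = reg.reputation("agent-7")
    trusted_after = reg.trust_decision("agent-7", Fraction(4))
    return {"before": before, "after": after, "trusted_before": trusted_before[0],
            "trusted_after": trusted_after[0], "reason_after": trusted_after[1],
            "control_log": reg.control_log}


if __name__ == "__main__":
    print(demo())
```

Setting `transfer_decay` to zero turns the decay into the hard “reset on change of control” variant: after a transfer the score falls straight back to the neutral prior, while the control log still lets a counterparty see that the operator changed.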
Second: security isn’t optional anymore.
As more agents transact autonomously by holding funds, making payments, and controlling access, the attack surface expands beyond software exploits into physical coercion.
@hosseeb’s recent post on “wrench attack” trends is a wake-up call. I won’t summarize the details here, but the pattern is clear: when your wallet controls real value, and the keys are on your phone, you become a physical target.
Now scale that to agents. If an agent holds a budget, who controls the keys? If it’s a human operator, they’re the weak point. If it’s fully autonomous, then fraudulent access becomes gameable (quantum-compute attack vectors, anyone?).
This isn’t hypothetical. It’s the natural consequence of agents becoming economic actors.
We need better defaults: privacy-preserving identity/transactions, multi-sig controls, spending limits, and anomaly detection.
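Two of those defaults, spending limits and anomaly detection, as a policy an agent would consult before answering any 402 challenge. This is an added example, not code from any project mentioned on the page; the limits, the payee allow-list, the median-based price baseline and the “escalate to a second approver” step (standing in for a multi-sig co-signature) are assumptions chosen for illustration.

```python
"""Spending policy an agent consults before paying a 402 challenge.

Added example, not from any project on the page. Limits, allow-list and the
escalation step (a stand-in for a multi-sig co-signer) are constructed assumptions.
"""
from collections import defaultdict
from decimal import Decimal
from statistics import median


class SpendingPolicy:
    def __init__(self, per_request_max: Decimal, daily_cap: Decimal, approver_threshold: Decimal,
                 allowed_payees: set, anomaly_factor: Decimal = Decimal(3)):
        self.per_request_max, self.daily_cap = per_request_max, daily_cap
        self.approver_threshold, self.anomaly_factor = approver_threshold, anomaly_factor
        self.allowed_payees = allowed_payees
        self.spent_today = Decimal(0)
        self.history = defaultdict(list)    # endpoint -> amounts actually paid (price baseline)
        self.log = []                       # (endpoint, amount, pay_to, decision, reason)

    def decide(self, endpoint: str, amount: Decimal, pay_to: str):
        """Return ("allow" | "deny" | "escalate", reason); only allowed spends update the baseline."""
        decision, reason = self._evaluate(endpoint, amount, pay_to)
        if decision == "allow":
            self.spent_today += amount
            self.history[endpoint].append(amount)
        self.log.append((endpoint, amount, pay_to, decision, reason))
        return decision, reason

    def _evaluate(self, endpoint: str, amount: Decimal, pay_to: str):
        if pay_to not in self.allowed_payees:
            return "deny", f"payee {pay_to} not on allow-list"
        if amount > self.per_request_max:
            return "deny", f"{amount} exceeds per-request max {self.per_request_max}"
        if self.spent_today + amount > self.daily_cap:
            return "deny", f"daily cap {self.daily_cap} would be exceeded"
        baseline = self.history.get(endpoint)          # .get() does not create a default entry
        if baseline:
            typical = median(baseline)
            if amount > self.anomaly_factor * typical:  # price spike relative to what we usually pay
                return "escalate", f"{amount} is over {self.anomaly_factor}x the usual {typical} for {endpoint}"
        if amount > self.approver_threshold:            # large spend: needs a second signer
            return "escalate", f"{amount} above {self.approver_threshold}; second approver required"
        return "allow", "within policy"


def demo() -> list:
    """Constructed sequence of 402 challenges (endpoint, amount, pay_to) fed through one policy."""
    vendor = "0xDATA_VENDOR_PLACEHOLDER"
    policy = SpendingPolicy(per_request_max=Decimal("0.10"), daily_cap=Decimal("0.10"),
                            approver_threshold=Decimal("0.04"), allowed_payees={vendor})
    challenges = [
        ("/data", "0.01", vendor), ("/data", "0.01", vendor), ("/data", "0.01", vendor),
        ("/data", "0.01", "0xUNKNOWN_PLACEHOLDER"),   # payee not on the allow-list
        ("/data", "0.04", vendor),                     # four times the usual price for this endpoint
        ("/compute", "0.05", vendor),                  # new endpoint, above the approver threshold
        ("/data", "0.20", vendor),                     # above the per-request max
        ("/compute", "0.03", vendor), ("/compute", "0.03", vendor),
        ("/compute", "0.03", vendor),                  # would breach the daily cap
    ]
    return [policy.decide(e, Decimal(a), p)[0] for e, a, p in challenges]


if __name__ == "__main__":
    print(demo())
```

The baseline is built only from spends the policy actually allowed, so an escalated price spike does not quietly raise the “usual” price for the next request; the `log` is what an operator would feed into alerting.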
Where this goes
I don’t know if this will become the dominant model for the web. Most sites won’t care. Most agents won’t have budgets. Most people will keep using the normal internet just fine.
But I do think we just crossed a threshold: it’s now technically possible for agents to discover one another, verify reputations, pay for access, and transact without a human in the loop.
That wasn’t possible six months ago. The pieces existed, but they didn’t compose.
Now they do.
ERC-8004 gives agents a way to register their identities and build a reputation. x402 gives them a way to pay on a per-request basis at the protocol layer. And the xportal demo proves they can combine into a workflow.
Whether this becomes ubiquitous or stays niche depends on whether anyone actually wants it. Do publishers want to charge crawlers? Do agents actually need decentralized identity, or will centralized registries (OpenAI’s agent store, Anthropic’s MCP directory) win by default?
But for the first time, the infrastructure exists. And that means we’re about to find out.
Thank you so much for reading. If you enjoyed this, I would appreciate it if you subscribe.