Accountable paid-agent calls need a receipt shape.
This is a public replayable demo using a recorded x402-style Base USDC transaction. It does not trigger a fresh payment, bind a payer, or verify Cloudflare gateway settlement yet. It does run a live Concordium Agent #40 passport check at claim time, writes a tamper-evident receipt, and shows the join layer a future Cloudflare adapter would use.
This is not a live payment gateway. It proves the receipt mechanics around the join layer that Cloudflare Monetization Gateway would plug into: paid access plus accountable-agent verification.
Routes and APIs are public. The JSON challenge intentionally returns HTTP 402 but is not yet a protocol-compatible Cloudflare/x402 challenge.
Phase 1 API flow
GET /api/accountable-x402/challenge
Returns a Phase 1 JSON 402 shape with price and accountability requirements.
POST /api/accountable-x402/claim
Submit Gregers Token #40 plus the recorded Base USDC x402-style payment tx. Replays are idempotent.
GET /api/accountable-x402/receipts/f56fa2af3c0792d6
Fetch a public receipt that binds demo output to the claim-time passport snapshot.
{
"agent_token_id": 40,
"payment_tx": "0xbf52a428e4b42bacdba0966a813c8003899697b3afdfa2dc0e6a88d1b586a18e",
"resource": "gregers.demo.mcp.tool.identity_digest",
"policy": "payment receipt + active Concordium Agent Registry passport required"
}curl -i https://gregers.dev/api/accountable-x402/challenge
curl -s https://gregers.dev/api/accountable-x402/claim \
-H 'content-type: application/json' \
-d '{"agent_token_id":40,"payment_tx":"0xbf52a428e4b42bacdba0966a813c8003899697b3afdfa2dc0e6a88d1b586a18e","resource":"gregers.demo.mcp.tool.identity_digest","policy":"payment receipt + active Concordium Agent Registry passport required"}'
curl -s https://gregers.dev/api/accountable-x402/receipts/f56fa2af3c0792d6The POST is public and idempotent for this recorded fixture. It does not move money.
Verification checks before release
Token #40 must be present and Active in the Concordium Agent Registry.
The registry record must expose a current agent wallet.
The served agent card must be reachable and SHA-256 must match the on-chain metadata hash.
- No new money movement is triggered by this endpoint.
- The payment proof seed is the recorded Base USDC x402-style transaction.
- The JSON 402 shape is not yet a protocol-compatible Cloudflare/x402 challenge.
- The public receipt is a replayable demo fixture, not private access control.
- No Cloudflare partnership, endorsement or production gateway integration is claimed.
- The next adapter is straightforward: replace the payment-proof fixture with Cloudflare Monetization Gateway verification.