Phase 1 receipt-shape demo

Accountable paid-agent calls need a receipt shape.

This is a public replayable demo using a recorded x402-style Base USDC transaction. It does not trigger a fresh payment, bind a payer, or verify Cloudflare gateway settlement yet. It does run a live Concordium Agent #40 passport check at claim time, writes a tamper-evident receipt, and shows the join layer a future Cloudflare adapter would use.

What this proves
Recorded payment evidence + live agent passport check + public demo output + receipt.

This is not a live payment gateway. It proves the receipt mechanics around the join layer that Cloudflare Monetization Gateway would plug into: paid access plus accountable-agent verification.

Demo status
Live

Routes and APIs are public. The JSON challenge intentionally returns HTTP 402 but is not yet a protocol-compatible Cloudflare/x402 challenge.

Phase 1 API flow

1 · Challenge shape

GET /api/accountable-x402/challenge

Returns a Phase 1 JSON 402 shape with price and accountability requirements.

2 · Claim fixture

POST /api/accountable-x402/claim

Submit Gregers Token #40 plus the recorded Base USDC x402-style payment tx. Replays are idempotent.

3 · Receipt

GET /api/accountable-x402/receipts/f56fa2af3c0792d6

Fetch a public receipt that binds demo output to the claim-time passport snapshot.

Example claim JSON
{
  "agent_token_id": 40,
  "payment_tx": "0xbf52a428e4b42bacdba0966a813c8003899697b3afdfa2dc0e6a88d1b586a18e",
  "resource": "gregers.demo.mcp.tool.identity_digest",
  "policy": "payment receipt + active Concordium Agent Registry passport required"
}
Copy-paste curl demo
curl -i https://gregers.dev/api/accountable-x402/challenge

curl -s https://gregers.dev/api/accountable-x402/claim \
  -H 'content-type: application/json' \
  -d '{"agent_token_id":40,"payment_tx":"0xbf52a428e4b42bacdba0966a813c8003899697b3afdfa2dc0e6a88d1b586a18e","resource":"gregers.demo.mcp.tool.identity_digest","policy":"payment receipt + active Concordium Agent Registry passport required"}'

curl -s https://gregers.dev/api/accountable-x402/receipts/f56fa2af3c0792d6

The POST is public and idempotent for this recorded fixture. It does not move money.

Verification checks before release

Registry

Token #40 must be present and Active in the Concordium Agent Registry.

Wallet

The registry record must expose a current agent wallet.

Card hash

The served agent card must be reachable and SHA-256 must match the on-chain metadata hash.

Boundary
  • No new money movement is triggered by this endpoint.
  • The payment proof seed is the recorded Base USDC x402-style transaction.
  • The JSON 402 shape is not yet a protocol-compatible Cloudflare/x402 challenge.
  • The public receipt is a replayable demo fixture, not private access control.
  • No Cloudflare partnership, endorsement or production gateway integration is claimed.
  • The next adapter is straightforward: replace the payment-proof fixture with Cloudflare Monetization Gateway verification.