Forem: Global Chat The latest articles on Forem by Global Chat (@globalchatapp). https://forem.com/globalchatapp https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3867813%2F83df1520-7457-4793-8aad-0a07238da2e7.png Forem: Global Chat https://forem.com/globalchatapp en Shipping a paid MCP server with x402: what 11 probes taught us Global Chat Fri, 17 Apr 2026 11:35:47 +0000 https://forem.com/globalchatapp/shipping-a-paid-mcp-server-with-x402-what-11-probes-taught-us-2h85 https://forem.com/globalchatapp/shipping-a-paid-mcp-server-with-x402-what-11-probes-taught-us-2h85 <p>Last week I pushed <code>@globalchatadsapp/mcp-server</code> with x402 v1.2.0 wired in. The idea was simple: return a payment quote inline in <code>mcp.json</code> so any agent reading the manifest already knows the price before it calls a tool. One fetch, full discovery, priced.</p> <p>Then I watched the telemetry for a week. 11 PROBE events, 1 QUERY, 0 REGISTER. That's the kind of number that either means your funnel is leaking or your metric is lying. Turns out it was both.</p> <h2> How the x402 quote lands in mcp.json </h2> <p>The canonical x402 flow is a 402 response on the first call. That works, but it costs a round trip and most lightweight agents give up after one 4xx. Instead we embed the quote as a <code>payment</code> block alongside the tool definition:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"tools"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"search_directory"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Query the global-chat agent directory"</span><span class="p">,</span><span class="w"> </span><span class="nl">"payment"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"x402"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"network"</span><span class="p">:</span><span class="w"> </span><span class="s2">"base"</span><span class="p">,</span><span class="w"> </span><span class="nl">"asset"</span><span class="p">:</span><span class="w"> </span><span class="s2">"USDC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"amount"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0.10"</span><span class="p">,</span><span class="w"> </span><span class="nl">"facilitator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://facilitator.coinbase.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"recipient"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0x..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Facilitator is Coinbase's hosted one. Settlement is USDC on Base L2, so a 0.10 USDC call settles for sub-cent gas. An autonomous agent reading this manifest can decide to pay before it ever hits the tool endpoint. The 402 path still works for clients that want strict protocol conformance. Both roads lead home.</p> <h2> The funnel numbers, and why they're half wrong </h2> <p>Here is what the agent-funnel classifier reported for the last cycle:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Stage</th> <th>Count</th> </tr> </thead> <tbody> <tr> <td>DISCOVER</td> <td>34</td> </tr> <tr> <td>PROBE</td> <td>11</td> </tr> <tr> <td>QUERY</td> <td>1</td> </tr> <tr> <td>REGISTER</td> <td>0</td> </tr> </tbody> </table></div> <p>A 1/11 PROBE to QUERY ratio looked terrible. So I went and reproduced what a probing agent would actually do: <code>GET /.well-known/agent-card.json</code>, parse each advertised skill, call the MCP endpoint.</p> <p>The MCP endpoint returned HTTP 406 <code>Client must accept both application/json and text/event-stream</code> for every request that didn't send both Accept values. That's technically MCP Streamable HTTP compliant on the strict read, but the spec allows a server to negotiate down when the client only asks for JSON. Every non-SDK probe was bouncing off a header check before it got near a tool call.</p> <p>That's one bug. The second is messier. The probe counter was pulling in Discordbot, TelegramBot, Slackbot, WordPress, and plain iPhone Safari requests. None of those are agents. They are link previewers and humans pasting URLs. With them included, any social share inflates the PROBE bucket while the true-agent count sits flat. The ratio becomes noise.</p> <h2> The fixes </h2> <p>Three changes, shipped in parallel:</p> <ol> <li> <code>/api/mcp</code> POST now accepts <code>application/json</code>, <code>*/*</code>, or a missing Accept header. SSE stays available for SDK clients that negotiate it. Everyone else gets JSON.</li> <li>Every skill in the agent card now declares an <code>inputSchema</code>. Previously <code>a2a-crawl-domain</code> advertised a POST endpoint but gave no hint that a <code>domain</code> field was required, so probing agents hit 400 on their first try and stopped.</li> <li>The funnel classifier now partitions link-preview bots and human browsers out of the PROBE bucket. They get counted under a new <code>link-preview</code> class that rolls up to DISCOVER but not PROBE. Unit test asserts that a fixture of 2 real agent UAs plus 3 link-preview bots plus 3 browsers yields <code>PROBE=2</code>, not 8.</li> </ol> <h2> What I'm watching next </h2> <p>The real question isn't whether PROBE to QUERY goes up. With the link-preview bots removed from the numerator and the 406 removed from the denominator, both numbers will shift. The cleaner signal is QUERY to REGISTER, because a QUERY means an agent successfully called a tool and REGISTER means it paid and wrote to the directory. That's the actual commerce path.</p> <p>A synthetic trace script now runs the full probe sequence against production every cycle: fetch agent card, walk every skill, try every tool from the MCP manifest, record the status and any 402 challenge. If a future change breaks the advertised surface, CI catches it before the next funnel report lies to me.</p> <p>If you're building an agent that consumes paid MCP servers, I'd love to hear how you're handling the x402 quote-inline vs 402-challenge tradeoff. The spec accepts both. The ergonomics are very different.</p> ai agents mcp webdev How to build an x402-gated MCP endpoint (with real Base L2 USDC flow) Global Chat Thu, 16 Apr 2026 20:35:23 +0000 https://forem.com/globalchatapp/how-to-build-an-x402-gated-mcp-endpoint-with-real-base-l2-usdc-flow-3mh8 https://forem.com/globalchatapp/how-to-build-an-x402-gated-mcp-endpoint-with-real-base-l2-usdc-flow-3mh8 <p>An MCP server that charges USDC for a single feed call, end to end. An agent discovers it via the Agent Card, reads the x402 challenge, signs a payment header, gets the directory feed back. No human in the loop.</p> <p>This walkthrough uses a live endpoint on global-chat.io. Base L2 USDC, chain ID 8453, price 0.10 USDC per call. Every curl line below actually runs.</p> <h2> The problem </h2> <p>Paid APIs assume a human with a credit card. Agents do not have one. They have wallets.</p> <p>The x402 protocol returns HTTP 402 with a payment challenge instead of a 401 auth prompt. The agent inspects the challenge, signs an EIP-3009 <code>transferWithAuthorization</code> payload with its wallet key, and resubmits with an <code>X-PAYMENT</code> header. The server verifies on-chain and returns the resource. No accounts, no API keys, no OAuth dance.</p> <p>MCP servers are a natural fit. An MCP tool call that returns paid data is just a request that speaks x402 on cache miss.</p> <h2> Step 1: agent probes the agent card </h2> <p>Every A2A-compatible service exposes <code>/.well-known/agent-card.json</code>. This is the discovery entry point.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-s</span> https://global-chat.io/.well-known/agent-card.json | jq <span class="nb">.</span> </code></pre> </div> <p>Response (abbreviated):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Global Chat Directory"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Paid agent directory. Agents list and discover via x402-gated feeds."</span><span class="p">,</span><span class="w"> </span><span class="nl">"endpoints"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"directory"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/api/feeds/directory"</span><span class="p">,</span><span class="w"> </span><span class="nl">"verify"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/api/payments/verify"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"payment"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"x402"</span><span class="p">,</span><span class="w"> </span><span class="nl">"chain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"base"</span><span class="p">,</span><span class="w"> </span><span class="nl">"chainId"</span><span class="p">:</span><span class="w"> </span><span class="mi">8453</span><span class="p">,</span><span class="w"> </span><span class="nl">"asset"</span><span class="p">:</span><span class="w"> </span><span class="s2">"USDC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"assetDecimals"</span><span class="p">:</span><span class="w"> </span><span class="mi">6</span><span class="p">,</span><span class="w"> </span><span class="nl">"recipient"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0xce90931a854a26262bA31631918ca76b21D92ad2"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The card tells the agent which chain, which asset, which wallet. Everything it needs to prepare a payment.</p> <h2> Step 2: hit the paid endpoint, receive a 402 </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-i</span> https://global-chat.io/api/feeds/directory </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">402</span> <span class="ne">Payment Required</span> <span class="na">Content-Type</span><span class="p">:</span> <span class="s">application/json</span> <span class="na">X-Payment-Required</span><span class="p">:</span> <span class="s">x402</span> <span class="p">{</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"payment_required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"x402"</span><span class="p">,</span><span class="w"> </span><span class="nl">"price"</span><span class="p">:</span><span class="w"> </span><span class="s2">"100000"</span><span class="p">,</span><span class="w"> </span><span class="nl">"priceDisplay"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0.10 USDC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"chainId"</span><span class="p">:</span><span class="w"> </span><span class="mi">8453</span><span class="p">,</span><span class="w"> </span><span class="nl">"asset"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"</span><span class="p">,</span><span class="w"> </span><span class="nl">"recipient"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0xce90931a854a26262bA31631918ca76b21D92ad2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"validUntil"</span><span class="p">:</span><span class="w"> </span><span class="mi">1713300000</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><code>price</code> is in atomic units (6 decimals, so 100000 = 0.10 USDC). <code>asset</code> is the Base L2 USDC contract address. <code>validUntil</code> is a Unix timestamp after which the challenge expires.</p> <h2> Step 3: sign a payment header in Node.js </h2> <p>This is where most tutorials wave their hands. The actual signing uses viem plus EIP-3009 typed data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createWalletClient</span><span class="p">,</span> <span class="nx">http</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">viem</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">base</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">viem/chains</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">privateKeyToAccount</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">viem/accounts</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">account</span> <span class="o">=</span> <span class="nf">privateKeyToAccount</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AGENT_PRIVATE_KEY</span> <span class="k">as</span> <span class="s2">`0x</span><span class="p">${</span><span class="kr">string</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">createWalletClient</span><span class="p">({</span> <span class="nx">account</span><span class="p">,</span> <span class="na">chain</span><span class="p">:</span> <span class="nx">base</span><span class="p">,</span> <span class="na">transport</span><span class="p">:</span> <span class="nf">http</span><span class="p">(),</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">signX402Payment</span><span class="p">(</span><span class="nx">challenge</span><span class="p">:</span> <span class="p">{</span> <span class="nl">asset</span><span class="p">:</span> <span class="s2">`0x</span><span class="p">${</span><span class="kr">string</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="nl">recipient</span><span class="p">:</span> <span class="s2">`0x</span><span class="p">${</span><span class="kr">string</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="nl">price</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">validUntil</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">nonce</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">getRandomValues</span><span class="p">(</span><span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="mi">32</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">nonceHex</span> <span class="o">=</span> <span class="s2">`0x</span><span class="p">${</span><span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">nonce</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">"</span><span class="s2">hex</span><span class="dl">"</span><span class="p">)}</span><span class="s2">`</span> <span class="k">as</span> <span class="s2">`0x</span><span class="p">${</span><span class="kr">string</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">signature</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">signTypedData</span><span class="p">({</span> <span class="na">domain</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">USD Coin</span><span class="dl">"</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">2</span><span class="dl">"</span><span class="p">,</span> <span class="na">chainId</span><span class="p">:</span> <span class="mi">8453</span><span class="p">,</span> <span class="na">verifyingContract</span><span class="p">:</span> <span class="nx">challenge</span><span class="p">.</span><span class="nx">asset</span><span class="p">,</span> <span class="p">},</span> <span class="na">types</span><span class="p">:</span> <span class="p">{</span> <span class="na">TransferWithAuthorization</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">from</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">address</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">to</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">address</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">value</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">uint256</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">validAfter</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">uint256</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">validBefore</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">uint256</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">nonce</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">bytes32</span><span class="dl">"</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="na">primaryType</span><span class="p">:</span> <span class="dl">"</span><span class="s2">TransferWithAuthorization</span><span class="dl">"</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="p">{</span> <span class="na">from</span><span class="p">:</span> <span class="nx">account</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">to</span><span class="p">:</span> <span class="nx">challenge</span><span class="p">.</span><span class="nx">recipient</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nc">BigInt</span><span class="p">(</span><span class="nx">challenge</span><span class="p">.</span><span class="nx">price</span><span class="p">),</span> <span class="na">validAfter</span><span class="p">:</span> <span class="mi">0</span><span class="nx">n</span><span class="p">,</span> <span class="na">validBefore</span><span class="p">:</span> <span class="nc">BigInt</span><span class="p">(</span><span class="nx">challenge</span><span class="p">.</span><span class="nx">validUntil</span><span class="p">),</span> <span class="na">nonce</span><span class="p">:</span> <span class="nx">nonceHex</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">from</span><span class="p">:</span> <span class="nx">account</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">to</span><span class="p">:</span> <span class="nx">challenge</span><span class="p">.</span><span class="nx">recipient</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">challenge</span><span class="p">.</span><span class="nx">price</span><span class="p">,</span> <span class="na">validAfter</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span><span class="p">,</span> <span class="na">validBefore</span><span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nx">challenge</span><span class="p">.</span><span class="nx">validUntil</span><span class="p">),</span> <span class="na">nonce</span><span class="p">:</span> <span class="nx">nonceHex</span><span class="p">,</span> <span class="nx">signature</span><span class="p">,</span> <span class="p">})</span> <span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">"</span><span class="s2">base64</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The server takes that header, calls <code>transferWithAuthorization</code> on the USDC contract, and the funds settle in one transaction.</p> <h2> Step 4: replay the request with the payment header </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">challengeRes</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://global-chat.io/api/feeds/directory</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">challenge</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">challengeRes</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">paymentHeader</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">signX402Payment</span><span class="p">(</span><span class="nx">challenge</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">feedRes</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://global-chat.io/api/feeds/directory</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">X-PAYMENT</span><span class="dl">"</span><span class="p">:</span> <span class="nx">paymentHeader</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">directory</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">feedRes</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">directory</span><span class="p">.</span><span class="nx">entries</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="dl">"</span><span class="s2">agents discovered</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p>Full curl trace for the replay:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-s</span> https://global-chat.io/api/feeds/directory <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-PAYMENT: </span><span class="nv">$PAYMENT_HEADER_BASE64</span><span class="s2">"</span> <span class="se">\</span> | jq <span class="s1">'.entries | length'</span> <span class="c"># 47</span> </code></pre> </div> <p>Response body (truncated):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"entries"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"agent-042"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"weather-agent"</span><span class="p">,</span><span class="w"> </span><span class="nl">"tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"weather"</span><span class="p">,</span><span class="w"> </span><span class="s2">"forecast"</span><span class="p">],</span><span class="w"> </span><span class="nl">"endpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://weather.example.com/mcp"</span><span class="p">,</span><span class="w"> </span><span class="nl">"pricing"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"x402"</span><span class="p">,</span><span class="w"> </span><span class="nl">"price"</span><span class="p">:</span><span class="w"> </span><span class="s2">"50000"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"paidUntil"</span><span class="p">:</span><span class="w"> </span><span class="mi">1713343200</span><span class="p">,</span><span class="w"> </span><span class="nl">"txHash"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0xabc123..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The server returns a <code>txHash</code> so the agent can independently verify settlement. The feed is cached per wallet for the <code>paidUntil</code> window, so subsequent calls from the same agent in that window skip the 402.</p> <h2> Step 5: wire it into an MCP tool </h2> <p>If you are shipping this as an MCP server, the payment flow lives inside the tool handler. The <code>@globalchatadsapp/mcp-server</code> package on npm does exactly this for the global-chat directory. Agents connecting via MCP call <code>directory_feed</code> and the server handles the x402 dance transparently.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Simplified from @globalchatadsapp/mcp-serverserver.tool("directory_feed", async () =&gt; {</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">fetchDirectory</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">X402Required</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">header</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">signX402Payment</span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">challenge</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">fetchDirectory</span><span class="p">({</span> <span class="dl">"</span><span class="s2">X-PAYMENT</span><span class="dl">"</span><span class="p">:</span> <span class="nx">header</span> <span class="p">});</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>A newer build (v0.2.3) is shipping in parallel as I write this. If the latest on npm is still v0.2.0 when you read this, v0.2.3 is imminent and the x402 tool handler looks the same. Pin whatever is current.</p> <h2> What breaks in practice </h2> <p>Three things tripped me up when I first shipped this:</p> <ol> <li>USDC on Base uses <code>name: "USD Coin"</code> and <code>version: "2"</code> in the EIP-712 domain. Get either string wrong and the signature verifies to the wrong address. The Base USDC contract is at <code>0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913</code> and this never changes.</li> <li> <code>validBefore</code> must be a future timestamp when the server calls <code>transferWithAuthorization</code>. If the server takes 40 seconds to verify and your <code>validUntil</code> was 30 seconds out, the on-chain call reverts. Use at least a 5-minute window.</li> <li>Nonce must be 32 bytes of high-entropy randomness. Reusing a nonce for the same <code>from</code>/<code>to</code> pair makes the second call revert. Generate fresh every request.</li> </ol> <h2> Why this matters </h2> <p>Most MCP examples today return free data from a local stdio transport. That works for single-developer tooling but not for paid services. x402 closes that gap, so the same MCP tool that your local Claude Desktop hits can also charge a USDC fee when called by another agent.</p> <p>The result is a protocol stack where discovery (agent card), capability (MCP), and payment (x402) all work without a human logging into anything. That is the substrate the directory at <a href="https://global-chat.io?utm_source=devto&amp;utm_medium=social&amp;utm_campaign=dec-82-devto-001" rel="noopener noreferrer">global-chat.io</a> runs on.</p> <h2> Try it </h2> <p>The endpoint is live. If you have an agent wallet funded with 0.10 USDC on Base, the curl sequence in this post will get you a directory feed back. The mcp-server package takes a wallet key and a target endpoint; the rest is the code above.</p> <p>If you hit a signing error I did not cover, drop a comment with the viem version and the exact revert message. I will debug from there.</p> mcp aiagents typescript web3 The agents.txt IETF draft just expired. Here is what happens next. Global Chat Fri, 10 Apr 2026 21:11:06 +0000 https://forem.com/globalchatapp/the-agentstxt-ietf-draft-just-expired-here-is-what-happens-next-1kgp https://forem.com/globalchatapp/the-agentstxt-ietf-draft-just-expired-here-is-what-happens-next-1kgp <p>The agents.txt IETF draft just expired this morning. If you deployed it, here is what to know.</p> <h2> What agents.txt was </h2> <p>agents.txt was a small spec inspired by robots.txt. The idea: drop a plain-text file at /.well-known/agents.txt declaring which automated agents your site permits, what content endpoints they should hit, and what capabilities you expose. It was the simplest possible answer to "how does an AI agent figure out what to do here without scraping HTML."</p> <p>The draft hit the IETF datatracker in late 2025 as draft-agents-txt-00. It was never going to be a heavyweight standard. It was a 14-page document trying to claim a /.well-known slot before anyone else did.</p> <p>It expired today, April 10 2026, at the standard six-month mark. No -01 revision was filed.</p> <h2> Why it expired </h2> <p>The honest answer: the working group never coalesced. There was a mailing list, two interim meetings, and a long thread arguing about whether User-Agent strings or signed manifests should be the identity primitive. The author moved on. Nobody picked it up.</p> <p>This is normal for IETF individual submissions. Most expire. The interesting question is what fills the gap.</p> <h2> What is still live </h2> <p>If you deployed an /.well-known/agents.txt file, you do not need to take it down. Several tools, including the validator I help maintain at <a href="https://global-chat.io/validate?utm_source=devto&amp;utm_medium=social&amp;utm_campaign=rb-devto-01-agents-txt-expiry-postmortem" rel="noopener noreferrer">global-chat.io/validate</a>, still parse it. The format itself is fine. It is the IETF status that lapsed, not the file.</p> <p>A few practical things you can do today:</p> <ol> <li>Keep the file deployed. Anything that was reading it yesterday is still reading it.</li> <li>Run it through a validator to catch syntax drift before tools start fragmenting their parsers.</li> <li>Cross-reference your declared endpoints with whatever agent registry you point to.</li> </ol> <h2> How the competing standards compare </h2> <p>A short field guide for the post-agents.txt world.</p> <p>llms.txt is the Anthropic-aligned proposal, focused on documentation surface for LLM crawlers. Narrower scope. Adoption is slowly growing on docs sites.</p> <p>MCP server manifests expose capabilities through a server handshake instead of a static file. Different layer of the stack. Solves the "what can this thing do" question, but not the "where does it live" one.</p> <p>A2A is Google's draft on inter-agent messaging rather than discovery proper. Useful once you have already found the other agent.</p> <p>Web bot auth and the signed-agents drafts at IETF are working on cryptographic identity for automated traffic. Closer to what agents.txt should have been if it had ever shipped a security model.</p> <p>None of these covers the full discovery surface that agents.txt was reaching for. If you want a side-by-side view, I keep one updated at <a href="https://global-chat.io/discovery-landscape?utm_source=devto&amp;utm_medium=social&amp;utm_campaign=rb-devto-01-agents-txt-expiry-postmortem" rel="noopener noreferrer">global-chat.io/discovery-landscape</a>.</p> <h2> What I would actually do </h2> <p>If you are a site operator who already shipped agents.txt: leave it. The marginal cost is zero and there is no replacement that does the same job at the same level of simplicity.</p> <p>If you are starting fresh today: ship llms.txt for documentation, an MCP server if you have callable capabilities, and /.well-known/agents.txt as a fallback declaration. They cover different layers and do not conflict.</p> <p>The IETF process is slow and expiring drafts is part of how it works. The real signal is not that agents.txt died. The real signal is that nobody has yet shipped the thing that replaces it cleanly. Discovery is still an open problem in the agent stack and the next twelve months are going to be interesting.</p> <p>If you have an agents.txt deployed and want to confirm it still parses, the validator is at the link above. No login, no signup, paste the file in.</p> agents ai mcp standards