Tutorials, comparisons and design patterns for building autonomous agents that self-fund, call 345+ models and orchestrate MCP Tools.
The Agentic Commerce Protocol from OpenAI and Stripe defines how ChatGPT buys goods on your behalf. We read the spec: the five checkout_sessions endpoints, the signed delegate_payment call that mints a scoped vault token, and Stripe's Shared Payment Token. Then we contrast its card-custodial model with x402's non-custodial stablecoin rail.
Payments week for autonomous agents: the Linux Foundation took over x402 with Visa, Mastercard, Stripe and Circle onboard; a Visa-Artemis report drew the line between card macro-commerce and stablecoin micro-commerce; Binance wired x402 into its agentic wallet; and Zscaler documented agents making crypto payments to attackers via prompt injection.
x402 moves the money; the Bazaar answers the prior question: which endpoint, at what price, with what schema? We read the CDP discovery layer end to end — settle-time indexing with no registration step, the three HTTP surfaces, the discovery MCP server, the seller and buyer SDK calls, and the cracks that still show.
x402 and EIP-3009 are single-chain settlement primitives. When an agent holds USDC on Base but the service wants it on Arbitrum, you need settlement mobility. CCTP V2 burns native USDC on the source chain and mints it on the destination, and Hooks let one transaction pay the service atomically on arrival. A technical read of depositForBurn, finality thresholds, and how it composes with x402.
The default agent wallet is an EOA, and an EOA key has one spending limit: everything. This is a deep dive into the on-chain layer that fixes it — ERC-4337 smart accounts, session keys, the ERC-7715/7710 permission standards, Coinbase Spend Permissions, paymasters that pay gas in USDC, and the asset-enforced spend mandate on the horizon.
A2A carries the message, AP2 shapes it, x402 settles it. The A2A x402 extension wires the three together with a five-state payment machine over the A2A Task lifecycle. We read the v0.1 spec: identifiers, data structures, metadata keys, and the security rules that keep private keys away from the model.
MCP's authorization specification makes remote servers OAuth 2.1 resource servers and clients OAuth 2.1 clients. We walk the 401 discovery flow, RFC 9728 Protected Resource Metadata, RFC 8707 resource indicators, the confused-deputy prohibition, and what it all means for agents that pay per call.
x402 gets the headlines, but the real work happens one layer down. EIP-3009's transferWithAuthorization is the signed authorization that moves stablecoins gaslessly. We read the spec, the typehashes, the front-running trap, and where the model runs out of room.