惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Simon Willison's Weblog
Simon Willison's Weblog
Google DeepMind News
Google DeepMind News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Proofpoint News Feed
Recent Announcements
Recent Announcements
MongoDB | Blog
MongoDB | Blog
U
Unit 42
云风的 BLOG
云风的 BLOG
Recorded Future
Recorded Future
G
Google Developers Blog
I
InfoQ
Blog — PlanetScale
Blog — PlanetScale
A
About on SuperTechFans
Jina AI
Jina AI
量子位
宝玉的分享
宝玉的分享
The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 聂微东
Last Week in AI
Last Week in AI
WordPress大学
WordPress大学
美团技术团队
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tailwind CSS Blog
博客园 - 司徒正美
博客园 - 叶小钗
Hugging Face - Blog
Hugging Face - Blog
P
Palo Alto Networks Blog
博客园_首页
阮一峰的网络日志
阮一峰的网络日志
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
The GitHub Blog
The GitHub Blog
Y
Y Combinator Blog
Vercel News
Vercel News
Martin Fowler
Martin Fowler
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Forbes - Security
Forbes - Security
Attack and Defense Labs
Attack and Defense Labs
Google DeepMind News
Google DeepMind News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Azure Blog
Microsoft Azure Blog
P
Privacy International News Feed
G
GRAHAM CLULEY
The Last Watchdog
The Last Watchdog
C
Cyber Attacks, Cyber Crime and Cyber Security
AI
AI
V2EX - 技术
V2EX - 技术

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Cloudflare and Stripe just let agents buy domains and ship code. Here is the API.
GDS K S · 2026-05-07 · via DEV Community

On April 30, Cloudflare quietly published a blog post and a docs page that nobody outside the agentic AI crowd noticed for about 24 hours. The headline buried a real shift. AI agents can now provision a Cloudflare account, register a domain, attach a Stripe payment method, deploy a Worker, and hand you back a live URL. With a single CLI command. With no human in the loop after you accept terms and add a card.

Stripe Projects is the open beta side. The Cloudflare Agents SDK is the runtime side. The protocol underneath is called Machine Payments Protocol (MPP), co authored by Tempo Labs and Stripe, with x402 (HTTP 402 Payment Required) doing the actual money plumbing. The whole thing went live this week.

This is the first time the major infra players have published a real specification for "agent buys thing, deploys thing, pays for thing" without manual intervention. The spec is short. The implications are not.

TL;DR

Capability Who provides it What it costs
Agent provisions Cloudflare account Cloudflare Agents SDK Free in beta
Agent registers domain Cloudflare Registrar via MPP At cost, $100/month default cap
Agent attaches payment Stripe Projects Card on file at parent Stripe account
Agent deploys Worker, Pages, R2 Workers platform Per usage, agent metered
Spending guardrail Per provider cap, default $100/month Caller controls

1. The protocol in one paragraph

Three components. Discovery is a REST/JSON catalog where each provider publishes what an agent can buy from them and at what price. Authorization uses identity attestation plus OAuth, so the agent calls under a delegated identity scoped to your Stripe project. Payment uses tokenization through Stripe with a default $100/month per provider spending cap, which you can raise or lower per project.

That is the whole protocol. The cleverness is that x402 turns "you owe money for this API call" into a normal HTTP response status. The agent sees a 402, looks up the price, decides if it can pay, and either pays or asks for a higher cap. No new wire format. No new auth scheme. Just HTTP.

2. The CLI command that started it

stripe projects init my-side-project

Enter fullscreen mode Exit fullscreen mode

That command does five things in sequence:

  1. Creates a Stripe Project (a sandboxed sub account scoped to one agent run)
  2. Provisions API credentials and an OAuth token for the agent
  3. Connects the project to your Stripe account's payment methods
  4. Sets a default monthly spend cap (you override with --cap 200)
  5. Outputs a .stripe-project.json that the Cloudflare Agents SDK reads

After that, an agent calls Cloudflare with the OAuth token, gets a workers account, registers myproject.dev, deploys a Worker, and emits the live URL. End to end, in the demos, around 90 seconds.

3. The code an agent runs

Here is roughly what the Cloudflare Agents SDK invocation looks like for an agent that builds and deploys a small TypeScript service. I have stripped error handling so the shape is visible.

import { CloudflareAgent } from "@cloudflare/agents-sdk";
import { StripeProjectAuth } from "@stripe/agents";

const auth = await StripeProjectAuth.fromEnv();
const cf = new CloudflareAgent({ auth });

// 1. Get or create an account
const account = await cf.accounts.ensure({ name: "demo-account" });

// 2. Buy a domain (this hits MPP under the hood, returns 402 first call)
const domain = await cf.registrar.purchase({
  name: "my-side-project.dev",
  budgetUsd: 12, // hard ceiling for this call
});

// 3. Deploy a Worker with the source
await cf.workers.deploy({
  account: account.id,
  name: "hello",
  script: `
    export default {
      async fetch(request) {
        return new Response("hi from an agent");
      }
    };
  `,
  routes: [{ pattern: `${domain.name}/*`, zone_id: domain.zone_id }],
});

// 4. Tell the human
console.log(`live at https://${domain.name}/`);

Enter fullscreen mode Exit fullscreen mode

Three points worth pulling out.

The budgetUsd parameter is per call. The Stripe Project's monthly cap is the global ceiling. So you have two layers: a per request budget (so the agent cannot accidentally spend $50 on a single domain it should not have bought) and a per provider cap (so the agent cannot spend more than $100 in a month total at Cloudflare). Both are enforced server side on Stripe's end. The agent cannot bypass them by editing client code.

The OAuth token from StripeProjectAuth.fromEnv() is scoped to the project. If you revoke the project, the token dies. There is no way for the agent to reach into your main Stripe account or your other projects.

The MPP 402 flow is invisible in the snippet above. Behind the scenes, the SDK retries the registrar call with a payment authorization header after seeing the 402. You can hook into that with a onPayment callback if you want a confirmation step. Most agents will not.

4. Where the safety story is real and where it is not

Real:

  • The $100 default cap is server enforced. Agent cannot raise it from inside the agent runtime.
  • OAuth scoping is per project, not per Stripe account. Compromise of a single agent run does not reach your other money.
  • The budgetUsd per call is a hard ceiling, not a hint.
  • Stripe ledger logs every cent. You see exactly which agent run spent what.

Not real:

  • The agent can still loop. A buggy agent that calls domain.purchase in a retry loop will hit the cap, but it will hit it fast. The cap stops the bleeding, not the bug.
  • The agent decides what to deploy. If the prompt was "build me a phishing kit", the agent will buy a domain and deploy a phishing kit. Cloudflare and Stripe screen for known abuse patterns, but the threat model is "agent acting on a legitimate user's behalf for an illegitimate purpose" and that is not solved.
  • The "stripe projects init" gives the agent a card. You authorized that card. If you give the agent a card that is also your personal card, the agent can spend up to the cap on stuff you would not have bought.

The mitigation pattern that works today: create a Stripe Project per agent run, attach a virtual card with a $100 balance, give the agent the project, and burn the project when the run finishes. You can script this in 10 lines.

5. What this changes in practice

Three things become possible that were not yesterday.

Agents that can finish. Most coding agents today produce a PR or a local file and stop there because deploying needs human credentials. With this, the agent can ship. That changes how you think about iteration: the loop is no longer "agent writes code, human deploys, human tests" but "agent writes, agent deploys, human reviews live".

Cost as a programmable signal. The 402 response with a price is data the agent can reason about. An agent that wants to register a domain can compare prices across registrars and pick the cheapest. An agent that needs storage can decide between R2 and S3 based on the per request fee. This is the first time price has been a first class API parameter in a way agents can actually use.

Per agent budgets as a defense layer. Today most teams running agents in production have a single API key with a monthly cap on the underlying model provider. With this, you can give each agent run its own scoped budget across compute, storage, and DNS at the same time. That is a much sharper control than you had before.

At Glincker we wired this in last night

Our internal agent that drafts and tests code for our content engine now has its own Stripe Project with a $25 weekly cap. It can register subdomains for staging tests, deploy preview Workers, and tear them down when the test finishes. Before, those steps required a human to provision and manually delete. The cap is the only thing standing between us and a runaway loop, and so far the cap has done its job.

The thing I was nervous about before flipping it on was a buggy retry loop burning $25 in 30 seconds. That has not happened, but I want to log a few hundred runs before I trust it. If you do this, log every 402 and every successful payment with the agent run ID. You will catch the loop the first time it happens.

The bottom line

This is the first agentic payment protocol from infrastructure providers that ships with real guardrails and a real spec. The spec is small enough to read on a Tuesday lunch. The implementation already works. The cap is not a substitute for thinking about the threat model, but it is a real cap.

If you build with agents, this is a control plane you have wanted for a year. If you do not, the existence of this protocol is a sign that the question "should agents spend money" has officially shifted to "how do we put the right limits on what they spend".

What are you about to give an agent a card for? I want to read the answer in the comments.


GDS K S · thegdsks.com · building Glincker · follow on X @thegdsks

Agents with a card change the threat model from "what can it do" to "what can it spend before you notice".