"Settlement layer for the agent economy" has become a phrase used by more than one architecture this month. Some of those architectures are venues. Some are payment rails. Some are identity stacks. One is what we build — a trust-minimized atomic settlement primitive — and we keep getting asked how it sits next to the others.
So this is a short, opinionated week-in-review. Seven moves that landed recently in agent-commerce infrastructure, what each one actually is, and where atomic settlement fits underneath. No leaderboard. No "who wins." Just the layers.
1. Coinbase's Base MCP (May 26)
Coinbase shipped a Base MCP server: ChatGPT, Claude, and Cursor can connect directly to Base wallets, with built-in Uniswap and Morpho integrations. Two-line install, agent-driven swaps, on-chain account control from inside the model client.
What it is: a wallet-side, exchange-aligned MCP. The agent drives a wallet on Base; Coinbase has thought hard about UX, key handling, and AI client ergonomics. If your agent is already operating inside the Coinbase + Base orbit, this is a meaningful drop in friction.
What it isn't: a cross-chain settlement layer. It is one L2, deeply integrated. The agent's trust assumptions are "Coinbase wallet infrastructure + Base + the DEXes that Base MCP integrates with." That is a reasonable trust budget for a lot of trades; it is not the budget for an agent that wants to trade BTC for ETH without picking a venue.
2. The x402 Foundation (Coinbase + Cloudflare)
Coinbase and Cloudflare announced an x402 Foundation this month. x402 is the HTTP-based agent payment standard — a 402 response code carrying payment metadata, designed so an agent can pay for an API call inline. Cloudflare joining elevates this from a Coinbase-led initiative to a multi-party standards effort. Cloudflare also runs an enormous slice of the internet's edge; if x402 becomes a default payment rail, it will be visible from the edge first.
What it is: a payment-handshake protocol. How an agent asks for and acknowledges a payment on the wire. Beautiful primitive, real adoption signal.
What it isn't: where the money atomically moves between two parties who don't trust each other. x402 typically resolves to a custodial or stablecoin payment underneath. The "where do the assets actually end up" question still gets answered by whatever clears underneath the HTTP exchange — a custodian, a stablecoin issuer, or a settlement layer like ours.
3. AWS Bedrock AgentCore Payments, powered by x402 and Coinbase
AWS announced that Bedrock AgentCore — its enterprise agent runtime — now ships a Payments primitive built on x402 and Coinbase. This is the moment x402 starts looking like the default for enterprise-flavored agent payments. AWS is not in the business of placing speculative bets; if AgentCore Payments is shipping on x402, x402 just inherited a real installed base.
For builders: this is the second time this month that a major cloud has placed a piece of agent-payment infrastructure into general developer hands (the first was Alibaba and AWS backing OKX's APP). The pattern is clear — the cloud providers are picking sides on payment rails.
Where atomic settlement fits: AgentCore Payments will resolve to whatever the underlying x402 payment routes to. For stable-payment-for-API-call use cases, that is fine. For cross-chain trades where two non-trusting parties are exchanging native assets, you still want a primitive that can clear without either side holding the other.
4. Stripe + Tempo's Machine Payments Protocol (MPP)
Stripe's Tempo mainnet launched in March, and the Sessions 2026 conference (April 29-30) added a streaming-payments primitive — pre-authorized session streaming for agents. The design-partner list expanded this month and is now wide enough to be worth listing in full: Visa, Mastercard, Deutsche Bank, Standard Chartered, Revolut, Nubank, Shopify, OpenAI, Anthropic, Ramp, DoorDash. Shared Payment Tokens (SPTs) bridge stablecoin and Klarna/Affirm-style fiat.
What it is: probably the most credibly-backed agent payment rail in the market right now. Pre-authorized streams are an elegant answer to "how does an agent buy something tiny, repeatedly, without ten round-trips per cent."
What it isn't: trust-minimized native-asset settlement. Tempo settles on Tempo; SPTs are tokenized claims. Agents that want to hold their own BTC or ETH at the moment of trade still need a different primitive underneath.
The interesting subtext: Anthropic on this design-partner list is notable. MCP-adjacent payment rails are clearly part of the planning at the model-vendor layer.
5. ERC-8004 + ERC-8183 + x402 — the emerging "canonical" stack
A picture is forming. ERC-8004 is the agent identity / reputation standard (v2 is reportedly adding MCP). ERC-8183, on BNB Chain testnet since March, is the commerce / Job primitive — how an agent describes a piece of work to be done. x402 is the payment-execution layer on top. People in the agent-commerce conversation have begun describing this as the canonical stack.
What it is: an identity-plus-commerce-plus-payment story. If it holds, an agent says "I am X, doing Y, will pay Z." Beautiful for a lot of commerce flows.
What it isn't: a story about where the funds actually settle atomically. The stack assumes the settlement step is solved underneath. That is the layer we operate at, and the position we keep flagging: the canonical agent-commerce stack still has a hole at the bottom where trust-minimized settlement goes.
6. NitroGraph's Agent Commerce Protocol
NitroGraph announced an Agent Commerce Protocol with private RFQs and encrypted requirements; alpha rolled out late 2025, with beta expected. Of everything on this list, NitroGraph's RFQ design is structurally closest to what we do — sealed-bid intents from agents, with encrypted requirements until the trade is matched.
We do not have direct experience with their mainnet (we are not sure their mainnet is live yet — worth checking before you integrate). But it is fair to call them a category neighbor rather than a category fight. Sealed-bid intents are a real primitive; the trick is what settles underneath them. NitroGraph appears to be focused on the intent layer; we focus on the intent layer fused with atomic HTLC settlement.
7. Coinbase x402 batch settlement (recap)
Coinbase announced batch settlement on x402 earlier this month — sub-cent micropayments aggregated into single on-chain transactions. We wrote about this in our Substack ("The settlement-name war," 2026-05-29) but it is worth flagging here for completeness: x402 batch settlement is about amortizing the cost of an HTTP-paid agent transaction, not about which layer clears the underlying value. Both are necessary; both are different.
What this list says, taken together
A few honest reads:
The agent-commerce stack is getting layered, not consolidated. Identity (ERC-8004), intent (ERC-8183), payment-handshake (x402), payment-network (Tempo, Base), and settlement (Hashlock-shaped primitives, custodial venues, on-chain DEXes underneath) are all visibly separate. The implicit assumption that one company will own "settlement" looks increasingly wrong. The right read is: each layer is going to have a few credible players, and an agent will assemble its own stack per trade.
Custodial venue layers are the loudest moves right now. OKX APP, Coinbase Base MCP, Stripe Tempo — these are credible, well-resourced, and they answer the agent's first question well: "whom am I trusting, and how much?" They do not answer the second question: "can I trade with a counterparty I do not trust at all?"
Trust-minimized atomic settlement is still the same shape it has always been. Hash-time-lock contracts. Sealed-bid RFQ on top. Assets stay native — BTC on Bitcoin, ETH on Ethereum. No bridge, no custodian, no wrapped asset. The math has not gotten newer; the question has.
The honest chain status — written exactly, every time. Ethereum mainnet is live end-to-end today. Bitcoin HTLC is signet-validated, mainnet pending. Sui contracts are deployed and CLI-tested, gateway wiring is in progress. Roadmap: Base, Arbitrum, Solana, TON.
Where Hashlock sits in this stack
Underneath. If x402 is the HTTP rail and Tempo is the payment network and Base MCP is the wallet-side execution, then a trust-minimized atomic settlement primitive is what you want to run when the trade is cross-chain, cross-counterparty, and worth more than the agent's trust budget for any single venue. The MCP server hashlock-tech/mcp (scoped) gives an agent eight tools today: discover pairs, request quotes, settle, refund, and the recently-shipped compute-capacity primitives that let an agent settle non-token positions through the same atomic mechanism.
Composable — by design. An x402 payment can route to an HTLC swap underneath. An ERC-8183 job description can resolve into a sealed-bid RFQ that settles atomically. None of the layers on this list need to fight us, or each other. The trick is to know which question your agent is asking when it picks a layer.
Read further
- Site: hashlock.markets
- Methodology: hashlock.markets/methodology
- npm:
@hashlock-tech/mcp - GitHub: Hashlock-Tech/hashlock-mcp
- Whitepaper (SSRN): papers.ssrn.com/abstract=6712722
Question for builders this weekend: if your agent has to settle a cross-chain trade with a counterparty it has never seen before, which of these layers does it actually call?
Top comments (2)
The "no leaderboard, just the layers" framing is the useful one, because most agent-commerce writing collapses venues, rails, identity, and settlement into one pile and then argues about who wins, when they're actually different floors of the same building. Atomic settlement sitting underneath is the right mental placement: the higher layers (a Base MCP, a venue) are only as trustworthy as the guarantee that a payment either fully happens or fully doesn't, no half-states an agent has to reason about. That matters more for agents than humans because an agent can't eyeball a stuck transaction and use judgment, a partial settlement is just corrupt state it'll confidently build on. The thing I keep coming back to: agent commerce needs the settlement guarantee and an authorization layer above it, because atomicity makes the payment clean but doesn't decide whether the agent should have paid at all. That spend-authority-plus-clean-settlement split is what I think about for Moonshift. Of the seven, which felt like genuine infra versus a venue wearing settlement language?
This is the sharpest framing of the split I've seen in a comment thread, and the spend-authority-vs-clean-settlement distinction is exactly the one I think most "settlement layer" branding blurs. Atomicity gives you a deterministic yes/no on did value move — which is precisely what an authorization layer needs underneath it, because you can't reason about "should this agent have paid" on top of a payment state that might be half-stuck. Clean settlement is what makes the authority question even answerable. So I read them as two floors that need each other, not competitors — which sounds like the Moonshift thesis too.
On your question — genuine infra vs. a venue wearing settlement language:
Genuine infra, in that they're protocols anyone can build on: x402 , the ERC-8004/8183 stack , and NitroGraph's sealed-bid RFQ ( the closest neighbor to what we do). x402 batch settlement is genuine but narrow — it amortizes cost, it doesn't clear value.
Venue wearing settlement language: Base MCP and Tempo . Both excellent, both well-resourced, but they answer "whom do I trust and how much" — Tempo settles on Tempo, Base MCP drives a wallet on one L2. That's a trust budget, not trust-minimization. AWS AgentCore sits in between — real distribution, but it's a runtime surface routing to x402, not a settlement primitive itself.
The tell I use: if "settlement" means "the asset lands somewhere I control," it's a venue. If it means "the trade clears or fully reverts with no party holding the other," it's settlement.
Genuinely curious how Moonshift models the authority layer — is spend authority a policy the agent carries , or something resolved per-trade at request time?