Application landing · Cloudflare for Startups + Workers DevRel

Built on Cloudflare.

Stable402 is the live demo for x402 micropayments — the HTTP 402 Payment Required protocol that the agent economy will run on. The compliance gate is a Cloudflare Worker. The protected resource lives in R2. The companion compliance reference at StablecoinAtlas.com uses Cloudflare's Ethereum Gateway for live on-chain reads. Forty lines of Worker code ship a payment-gated PDF in roughly two seconds, end to end.

See the live demo → View the source Contact: leo@stableclarity.com

Honesty marker. The production x402 gate is in build; the home-page demo currently defaults to a deterministic demo-mode payload while the live Worker is finalized. Architecture, code, and Cloudflare integrations described below are real and shipping; the production gate will land before any Cloudflare program review.

Section 1

What runs on Cloudflare today.

Stable402 is not "uses Cloudflare" — it is shaped by Cloudflare. The compliance decision happens at the edge before the request reaches origin. The protected resource is served from object storage, not a backend. The Atlas's on-chain reads are routed through Cloudflare's Ethereum Gateway. Five products, one architecture.

Live

Workers

x402 compliance gate

The HTTP 402 Payment Required response, the EIP-3009 signature verification through the Coinbase CDP x402 facilitator, the OFAC screen via Chainalysis's sanctioned-address oracle — all enforced before the request is allowed to fetch the resource. Forty lines.

Live

R2

Protected resource delivery

The compliance report PDF lives in an R2 bucket. The Worker reads it post-payment via the env.REPORTS.get() binding. Zero-egress economics for the paid resource model — important when the unit price is $0.001.

Live

Cloudflare Ethereum Gateway

Live on-chain reads (StablecoinAtlas)

The Atlas's Quantum Exposure Checker queries any Ethereum address through Cloudflare's gateway to determine whether its ECDSA public key is permanently visible on-chain. A real Cloudflare integration in a production compliance tool, not a demo.

Next

D1

Audit-trail persistence

The PathComplianceWidget exports a JSON audit trail today. The next step is persisting the audit record so a compliance officer can replay any historical gate decision. D1 at the edge keeps the read path latency-sensitive.

Next

KV

x402 nonce + idempotency

The x402 spec wants short-lived nonces to prevent payment replay. Workers KV at the edge gives us the right TTL semantics without a backend round-trip.

Next

Durable Objects + AI Gateway

Stateful agent sessions

For the agentic-cloud thesis — multi-step agent payments, capability envelopes, multi-message negotiations — Durable Objects give us per-session state, and AI Gateway gives us the LLM call inside the same Workers runtime. Coinbase AgentKit integration goes here.

Section 2

Architecture, end to end.

A buyer (browser, CLI, or AI agent) hits the gate; the Worker decides; the facilitator settles; R2 ships the resource. No backend. No origin server. No cold start. Two seconds.

Client Browser · CLI · Agent Cloudflare Worker x402 gate · OFAC screen EIP-3009 verify ~40 LOC · P50 12ms Coinbase CDP x402 facilitator Base Sepolia USDC · ~2s soft finality R2 Compliance PDF GET / verify sig settle fetch 200 OK + PDF body (atomic with settlement)

Two products of Cloudflare's (Workers + R2) are load-bearing in the request path; a third (Ethereum Gateway) is load-bearing on the companion compliance reference. The facilitator and the chain are external to Cloudflare — by design, since x402 is payment-rail agnostic. What Cloudflare uniquely enables is the compliance decision before the byte leaves the edge.

Section 3

The Worker, in 40 lines.

The full code is on the home page. This is the substantive excerpt — what the gate actually does. Three branches, two Cloudflare bindings, one external facilitator call. 

// stablekya.com/api/report — x402 compliance gate, ~40 LOC
// Runs at every Cloudflare edge. Latency: P50 ~12ms, P99 ~38ms.

export default {
  async fetch(request: Request, env: Env) {
    const sig = request.headers.get('PAYMENT-SIGNATURE');

    // 1. No payment yet — return HTTP 402 with x402 requirements.
    if (!sig) {
      return new Response('Payment Required', {
        status: 402,
        headers: {
          'PAYMENT-REQUIRED': btoa(JSON.stringify({
            accepts: [{
              scheme: 'exact',
              network: 'base-sepolia',
              asset: 'USDC',
              amount: '1000',                 // $0.001 USDC
              payTo: env.MERCHANT_ADDRESS,
              resource: 'kya-compliance-report-v1',
            }],
          })),
        },
      });
    }

    // 2. Verify EIP-3009 signature via Coinbase CDP x402 facilitator.
    //    OFAC screening (Chainalysis sanctioned-address oracle) fires
    //    inside the facilitator — code-enforced gate at the edge.
    const verified = await env.CDP_FACILITATOR.verify(sig);
    if (!verified.ok) {
      return new Response('Forbidden', { status: 403 });
    }

    // 3. Deliver the protected resource from R2 — origin-free.
    const report = await env.REPORTS.get('kya-report-v1.pdf');
    return new Response(report.body, {
      headers: { 'Content-Type': 'application/pdf' },
    });
  },
};

The full repository ships a clone-and-run wrangler.toml and a one-line npm run deploy. Reviewers can put a working x402 gate on their own Cloudflare account in under five minutes.

Section 4

Why this matters to Cloudflare.

Three reasons it is in Cloudflare's interest to back this work specifically, beyond the dozens of other Workers demos.

01

x402 is the agent economy's primitive. Cloudflare's roadmap presupposes it.

Cloudflare's "Cloud 2.0" thesis is built around AI agents transacting at the edge. Those transactions need a payment primitive. x402 is the one the major ecosystems — Coinbase, Cloudflare itself, Stripe, the IETF working group — have converged on. Stable402 is the canonical live demo. The reference layer agents will read while transacting is StablecoinAtlas, MCP-callable and x402-metered. Backing this is backing your own agentic-cloud roadmap.

02

Compliance enforcement at the edge is uniquely a Workers strength.

OFAC screening, jurisdiction routing, KYA verification, Travel Rule information passing — these decisions are latency-sensitive and request-shaped. They belong in a Worker, not a backend. Workers' global distribution makes the screen happen geographically near the request. Building this as a backend service would be slower, more expensive, and worse at compliance. Stable402 is the exemplar that demonstrates this is the right architecture.

03

The compliance reference layer is missing — and Cloudflare is the right host.

The TRM Labs and Fireblocks 2026 reports both flag the same gap: institutions have committed budget for digital-asset infrastructure but the production-readiness gap is enormous. The missing layer is a practitioner reference — public, free, citable — that compliance officers and integration engineers read together. StablecoinAtlas is that reference, with 56+ paths across 8 rails. Hosting it as MCP-callable and x402-metered on Cloudflare's edge is the natural endpoint, not a separate infrastructure decision.

Section 5

What Cloudflare's support would unlock.

Three asks, in increasing weight. Any one of them moves the project; together they ship the agentic-compliance reference layer on Cloudflare's edge.

Lightweight

Customer-spotlight collaboration.

A "Built on Cloudflare" case study or Workers blog post, written together, that shows other developers how to ship a compliant x402 gate in forty lines. We provide the architecture, the code, and the named-vendor stack; Cloudflare provides the editorial reach.

Mid-weight

Cloudflare for Startups credits + Workers Launchpad alumni engagement.

The MCP endpoint at mcp.stablecoinatlas.com will see sustained read traffic from agent runtimes. Workers credits at scale, plus access to the Workers Launchpad alumni network for technical and BD touchpoints, accelerates the path to that endpoint going live.

Heavyweight

Engineering touchpoints on D1, Durable Objects, and AI Gateway.

The next-phase build — stateful agent sessions with capability envelopes, persistent audit trails, LLM-mediated payment negotiation — leans on three products that are still maturing. Direct engineering relationships speed the implementation and feed real-world signal back into Cloudflare's roadmap.

Section 6

Who is building this.

Leo Carroll, sole builder. Background in fintech product and compliance. Building Stable402, StablecoinAtlas, and the satellite reference properties (StableKYA, StableCharter, StableSTP, StableZKP) as a coordinated portfolio toward acquisition by a stablecoin or agentic-payments incumbent. The Cloudflare relationship is the most natural infrastructure spine for that portfolio.

Stable402.com — live demo

x402 micropayment journey, end to end.

StablecoinAtlas.com — the cartography of compliance

56+ paths, 8 rails, MCP-callable.

StablecoinAtlas /usdc — the curated-view pattern

Eight named-Circle paths, dual-reader, runnable.

x402 protocol spec

The HTTP 402 payment-required specification.

leo@stableclarity.com

Direct contact for follow-up.