外掛標籤
開發者團隊
原文外掛簡介
NanoTrans Agent Paywall is an agent-native paywall plugin that enables AI agents to automatically discover and purchase WordPress content using the x402 payment protocol with USDC stablecoin on the Base Network (Ethereum L2).
Key Features:
Dual Access – Humans pay via browser wallet (MetaMask); AI agents pay automatically via x402 protocol
x402 Protocol – Industry-standard HTTP 402 payment flow with EIP-712 signatures
USDC Payments – Stablecoin payments on Base Network (low gas fees, fast settlement)
Agent Discovery – /.well-known/x402 endpoint for automatic content discovery
Gutenberg Block – Visual paywall block editor with price configuration
Batch Payments – Purchase up to 20 articles in a single transaction
Admin Dashboard – Revenue tracking, anomaly detection, emergency controls
MCP Server – Compatible with Claude, Cursor, and other MCP clients
Real-time Notifications – SSE-based payment alerts
Permanent Access – One-time payment grants permanent access via signed wallet cookie
How It Works:
Publisher sets content prices using the Gutenberg paywall block
AI agent requests content and receives HTTP 402 with payment requirements
Agent signs USDC payment via EIP-712
x402 Facilitator verifies payment on-chain
Content is delivered as structured JSON
For Content Publishers:
Set per-article prices in USDC
Dynamic pricing (agent vs human, time-based)
Revenue dashboard with real-time analytics
Automatic fund distribution via Splitter contracts
For AI Agent Developers:
MCP server for Claude/Cursor integration
OpenClaw SKILL.md for agent skill registration
Structured JSON API responses
Spending limits and audit logging
External services
This plugin relies on the following third-party services to process x402 micropayments. Payments cannot be verified or settled without them. All connections are opt-in: no outbound network call is made until the site administrator explicitly enables the Facilitator Proxy connection in Settings > NanoTrans and saves the settings.
1. NanoTrans Facilitator Proxy (Cloudflare Worker)
What it is: A Cloudflare Worker operated by NanoTrans that brokers authenticated requests to the Coinbase CDP x402 Facilitator. It signs requests with CDP credentials on your behalf so site owners do not need to manage CDP API keys.
What data is sent, and when: Only after the site administrator opts in (checks “Enable Facilitator Proxy connection” in Settings > NanoTrans and saves the settings). On the first save after opt-in, the plugin sends the site URL to register the site and receive an API key. During each payment attempt, it forwards x402 payment headers (EIP-712 signed USDC transfer authorization, payer wallet address, transaction hash, amount, recipient address) to verify and settle the payment.
Default endpoint: https://nanotrans-facilitator-proxy.celee.workers.dev/ (configurable via the NANOTRANS_FACILITATOR_URL constant in wp-config.php).
Terms of service: https://www.cloudflare.com/website-terms/
Privacy policy: https://www.cloudflare.com/privacypolicy/
2. Coinbase Developer Platform (CDP) x402 Facilitator
What it is: Coinbase’s official x402 Facilitator service that verifies EIP-712 USDC transfer authorizations and submits settled transfers on the Base Network.
What data is sent, and when: Only during a payment attempt after Facilitator Proxy opt-in. The Cloudflare Worker forwards the signed USDC transfer authorization and payment requirements (payer address, receiver address, USDC amount, network ID, nonce, signature) so CDP can validate and broadcast the on-chain settlement.
Endpoint: https://api.cdp.coinbase.com/platform/v2/x402
Terms of service: https://www.coinbase.com/legal/cloud/terms-of-service
Privacy policy: https://www.coinbase.com/legal/privacy
3. Base Network JSON-RPC (public endpoint)
What it is: A public JSON-RPC endpoint for Base Mainnet and Base Sepolia used to read on-chain transaction receipts and verify that a USDC transfer has been confirmed.
What data is sent, and when: Only after a payment attempt. The plugin issues read-only RPC calls (eth_getTransactionReceipt, eth_call) with the submitted transaction hash and USDC contract address.
Endpoint: https://mainnet.base.org (Base Mainnet) and https://sepolia.base.org (Base Sepolia).
Terms of service: https://www.base.org/terms-of-service
Privacy policy: https://www.coinbase.com/legal/privacy
4. Bundled ethers.js provider URLs (not called by this plugin)
The ethers.js library bundled at assets/js/ethers.umd.min.js is the official upstream UMD build from https://github.com/ethers-io/ethers.js (version 6.16.0, MIT licensed). That bundle contains hard-coded provider URLs for common block explorers (listed below) as part of its default provider list.
This plugin does NOT call any of these URLs. It only uses ethers.js for EIP-712 signing and USDC contract read/write through the user’s browser wallet (MetaMask or compatible) and the configured Base Network RPC endpoint listed above.
No Etherscan/Arbiscan/Basescan API keys are configured, requested, or stored by this plugin.
Domains present in the ethers.js bundle for reference (NOT contacted by this plugin):
https://api.etherscan.io
https://api-goerli.etherscan.io
https://api-sepolia.etherscan.io
https://api-holesky.etherscan.io
https://api.arbiscan.io
https://api-goerli.arbiscan.io
https://api.basescan.org
If a user integrates a custom ethers.js provider pointing to one of these endpoints, the operator of that endpoint is responsible for its own terms and privacy policy. For the default ethers.js usage in this plugin, no connection is made to any of them.
ethers.js upstream license: https://github.com/ethers-io/ethers.js/blob/main/LICENSE.md
No personal data (email, real name, IP logs) is sent to any of these services. Wallet addresses are pseudonymous blockchain identifiers required for USDC transfer settlement.
Privacy Policy
NanoTrans Agent Paywall processes the following data:
Wallet addresses: Stored in the transactions table for payment verification and receipt lookup. Wallet addresses are pseudonymous blockchain identifiers, not directly linked to personal identity.
User-Agent strings: Stored for request routing (human vs agent detection). Retained with transaction records.
IP addresses: Used for rate limiting only (via WordPress transients). Not permanently stored.
Wallet cookies: After a successful payment, an HMAC-signed cookie is set to grant permanent access to purchased content. The cookie contains a wallet address hash and a timestamp; no personal data is stored.
This plugin does not use third-party tracking services and does not collect email addresses or personal information.
For GDPR compliance, transaction records containing wallet addresses can be exported or deleted via the WordPress admin dashboard.
