Worth flagging the structural difference between L402 and x402, since you mention them side by side. L402 inherits Lightning's properties: Bitcoin-only, sub-second settlement, off-chain via channels, but routing requires a path through other nodes which is structurally an intermediary even if it's not a settlement counterparty. x402 keeps the HTTP-native flow but pushes settlement onto a base chain (USDC on Base in the original Coinbase implementation), so you trade Lightning's speed for flexibility on currency and on-chain auditability.
The macaroons piece is the most underrated bit of L402. Cookie-style bearer tokens with caveats baked in mean an agent can prove its access scope without the service re-authorizing every call. That's the part agent stacks reinventing auth from scratch usually skip.