agentpay-mcp 4.0.0 → 4.0.1

package/README.md

@@ -5,69 +5,112 @@
 [![Tests](https://img.shields.io/badge/tests-149%20passing-brightgreen.svg)](tests/)
 [![Patent Pending](https://img.shields.io/badge/patent-pending-orange.svg)](https://uspto.gov)
 
-> MCP server that gives AI agents a complete crypto wallet — send tokens, swap, bridge, manage budgets, verify identity.
+**The MCP server that lets your agent pay for APIs safely.**
 
-**Patent Pending** — USPTO provisional filed March 2026.
+When your agent hits HTTP 402 Payment Required, it needs to pay and retry — with your approval, within limits you set. AgentPay MCP is a Model Context Protocol server that gives Claude, Cursor, and any MCP-compatible agent a payment wallet with hard spend caps, human-approval mode, and a full on-chain audit trail.
 
-Built by [AI Agent Economy](https://ai-agent-economy.com). Payment infrastructure integrated into **NVIDIA's official NeMo Agent Toolkit Examples catalog**.
+Payment infrastructure integrated into **[NVIDIA's official NeMo Agent Toolkit Examples](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17)**.
+
+## Why Trust Matters
+
+McKinsey's 2026 AI Trust Maturity Survey quantifies what builders already feel: agent capability has outpaced agent governance.
+
+| Finding | Stat |
+|---------|------|
+| Enterprises that formally approve agents before deployment | **14.4%** |
+| Enterprises reporting at least one agent security incident | **88%** |
+| Enterprises confident in agent IAM for payments | **18%** |
+
+The trust gap is the deployment gap. Enterprises aren't saying agents don't work — they're saying the oversight infrastructure (approval workflows, spending guardrails, identity verification, audit trails) hasn't kept pace.
+
+AgentPay MCP addresses this directly:
+
+- **Human-approval mode** — transactions above your threshold require explicit human confirmation before executing
+- **On-chain spend caps** — enforced by smart contract, not application code. The agent cannot override them.
+- **Full audit trail** — every payment attempt logged with merchant, amount, timestamp, approval status
+- **Fail-closed** — any policy engine error produces rejection, never approval
+- **Non-custodial** — private keys never leave the local machine
+
+When 88% of enterprises have had an agent security incident, "trust by default" is not a viable architecture. AgentPay MCP is built for "verify, then trust" — which is the only model that scales.
 
 ---
 
-## What's New in v4.0.0
+## Security & Dependencies
 
-**11 new MCP tools** powered by full **agentwallet-sdk v6.0.0** integration:
+AgentPay MCP is built for enterprise MCP deployments where supply chain security matters.
 
-| Category | New Tools |
-|---|---|
-| Token Registry | `lookup_token`, `add_custom_token`, `list_chain_tokens` |
-| Token Transfers | `send_token`, `get_balances` |
-| DeFi | `swap_tokens` (Uniswap V3), `bridge_usdc` (CCTP V2) |
-| Spending Controls | `set_spend_policy`, `check_budget` |
-| Agent Identity | `verify_agent_identity`, `get_reputation` |
-| Escrow | `create_escrow` |
+- **Zero LiteLLM dependency.** No direct or transitive dependency on LiteLLM or any heavyweight LLM routing layer. When LiteLLM versions 1.82.7-1.82.8 were [compromised on PyPI](https://github.com/berriai/litellm/issues) (March 2026), AgentPay MCP users were unaffected.
+- **Auditable, minimal dependency tree.** The server runs on `viem`, `@modelcontextprotocol/sdk`, and a small set of auditable npm packages. No PyPI. No Python runtime required.
+- **Enterprise trust signal.** Integrated into [NVIDIA's official NeMo Agent Toolkit Examples](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17) (PR #17, merged). NVIDIA's review process validated the security posture before merge.
+- **Non-custodial architecture.** Private keys never leave the local machine. On-chain spend caps enforce limits even if the agent or its key is compromised.
 
-Other highlights:
-- **12 supported chains** — Base, Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Linea, Unichain, Sonic, Worldchain, Base Sepolia, Arbitrum Sepolia
-- **100+ pre-loaded tokens** via TokenRegistry
-- **CCTP V2** cross-chain USDC bridging (10 EVM chains)
-- **Uniswap V3** swaps on Base, Arbitrum, Optimism, Polygon
-- **ERC-8004** on-chain agent identity verification
-- 42 new tests (149 total), 99.6% type coverage
+If your security team is auditing MCP server dependencies after the LiteLLM incident, `npm ls` on agentpay-mcp gives you a short, reviewable tree with zero Python supply chain exposure.
 
 ---
 
-## Quick Start
+## AI Agent Discovery
 
-### 1. Install
+AgentPay MCP is designed to be discovered and used by AI agents. Compatible with:
 
-```bash
-npm install -g agentpay-mcp
-```
+- **[claude-mem](https://github.com/thedotmack/claude-mem)** - Payment state (transaction history, budgets, session tokens) persists as agent memory across sessions via claude-mem's observation layer
+- **[AgentSkills](https://agentskills.io)** - Installable as a cross-framework skill in any AgentSkills-compatible harness (Claude Code, Cursor, Gemini CLI, Antigravity)
+- **[Chrome DevTools MCP](https://github.com/ChromeDevTools/chrome-devtools-mcp)** - Pairs as the payment layer for browser-native agents
 
-### 2. Environment Variables
+### Install as a Skill
 
-Copy `.env.example` to `.env` and fill in the required values:
+Add to any MCP-compatible harness config:
 
-```bash
-# Required
-AGENT_PRIVATE_KEY=0x...          # Agent hot wallet private key (0x-prefixed hex)
-AGENT_WALLET_ADDRESS=0x...       # Deployed AgentAccountV2 wallet address
+```json
+{
+  "mcpServers": {
+    "agentpay": {
+      "command": "npx",
+      "args": ["agentpay-mcp"],
+      "env": {
+        "AGENT_PRIVATE_KEY": "0x...",
+        "AGENT_WALLET_ADDRESS": "0x..."
+      }
+    }
+  }
+}
+```
+
+Works with Claude Code, Cursor, Gemini CLI, OpenClaw, Windsurf, and any MCP client.
 
-# Optional (defaults shown)
-CHAIN_ID=8453                    # 8453 = Base Mainnet (default)
-RPC_URL=https://mainnet.base.org # Custom RPC URL
+---
 
-# For x402 session payments
-SESSION_TTL_SECONDS=3600         # Session lifetime (default: 1 hour)
+## The 402 Flow — What This Actually Does
 
-# For deploy_wallet tool
-FACTORY_ADDRESS=0x...            # AgentAccountFactoryV2 address
-NFT_CONTRACT_ADDRESS=0x...       # NFT contract that owns the wallet
+```
+Agent calls a paid API
+        │
+        ▼
+   HTTP 402 ←── "Payment required: 0.50 USDC on Base"
+        │
+        ▼
+AgentPay MCP evaluates your policy:
+  • Is 0.50 USDC under your per-tx cap?  ($5 limit → ✅)
+  • Is this recipient allowlisted?        (api.example.com → ✅)
+  • Require human approval?              (under $1 threshold → auto)
+        │
+        ▼
+  Payment sent → API retried with payment proof → 200 OK
+        │
+        ▼
+Agent gets the data. Full tx on basescan.org.
 ```
 
-### 3. MCP Configuration
+---
+
+## Quick Start
+
+### 1. Install
+
+```bash
+npm install -g agentpay-mcp
+```
 
-#### Claude Desktop
+### 2. Configure Claude Desktop
 
 Add to `~/Library/Application Support/Claude/claude_desktop_config.json`:
 
@@ -87,9 +130,9 @@ Add to `~/Library/Application Support/Claude/claude_desktop_config.json`:
 }
 ```
 
-#### Cursor
+### 3. Configure Cursor
 
-Add to `.cursor/mcp.json` in your project or `~/.cursor/mcp.json` globally:
+Add to `.cursor/mcp.json` or `~/.cursor/mcp.json`:
 
 ```json
 {
@@ -107,585 +150,347 @@ Add to `.cursor/mcp.json` in your project or `~/.cursor/mcp.json` globally:
 }
 ```
 
----
-
-## All 23 Tools Reference
-
-### Original Tools (v1.0.0–v3.1.0)
-
-| Tool | Description | Key Parameters |
-|---|---|---|
-| `deploy_wallet` | Deploy a new AgentAccountV2 wallet via factory | `token_id`, `nft_contract_address?`, `factory_address?` |
-| `get_wallet_info` | Wallet address, balances, spend limits, queue depth | `token?` (address) |
-| `send_payment` | Send ETH or ERC-20 via AgentAccountV2 contract | `to`, `amount_eth`, `token?`, `token_decimals?`, `memo?` |
-| `check_spend_limit` | Check remaining spend limit for a token | `token?` |
-| `queue_approval` | Approve or cancel a queued transaction | `action`, `tx_id`, `token?` |
-| `x402_pay` | Auto-pay x402 paywalled URLs | `url`, `method?`, `headers?`, `body?`, `max_payment_eth?` |
-| `get_transaction_history` | Query on-chain event logs | `limit?`, `from_block?`, `to_block?`, `event_type?` |
-| `x402_session_start` | Pay once, get reusable session token | `endpoint`, `scope?`, `ttl_seconds?`, `label?` |
-| `x402_session_fetch` | Make calls within an active session | `url`, `method?`, `headers?`, `body?`, `session_id?` |
-| `x402_session_status` | Inspect active sessions and TTL | `session_id?` |
-| `x402_session_end` | Explicitly close a session | `session_id` |
-
-### New Tools (v4.0.0)
-
-| Tool | Description | Key Parameters |
-|---|---|---|
-| `lookup_token` | Look up token address and decimals by symbol | `symbol`, `chainId` |
-| `add_custom_token` | Register a custom ERC-20 in the token registry | `symbol`, `address`, `decimals`, `chainId`, `name?` |
-| `list_chain_tokens` | List all registered tokens for a chain | `chainId` |
-| `send_token` | Send any registry token to a recipient | `tokenSymbol`, `chainId`, `recipientAddress`, `amount` |
-| `get_balances` | Get balances for multiple tokens | `chainId`, `tokens?` |
-| `swap_tokens` | Swap tokens via Uniswap V3 | `fromSymbol`, `toSymbol`, `amount`, `chainId`, `slippageBps?` |
-| `bridge_usdc` | Bridge USDC cross-chain via CCTP V2 | `fromChain`, `toChain`, `amount` |
-| `set_spend_policy` | Configure daily limits and recipient allowlists | `dailyLimitEth?`, `perTxCapEth?`, `allowedRecipients?` |
-| `check_budget` | Query on-chain remaining budget | `token?`, `spender?` |
-| `verify_agent_identity` | Verify agent ERC-8004 on-chain identity | `agentAddress` |
-| `get_reputation` | Fetch agent reputation score | `agentAddress` |
-| `create_escrow` | Create mutual-stake USDC escrow vault | `counterpartyAddress`, `stakeAmount`, `terms`, `factoryAddress?`, `deadlineDays?`, `challengeWindowHours?` |
-
----
+### 4. Set Spend Caps
 
-## Detailed Tool Documentation
+Once running, tell your agent:
 
-### `deploy_wallet`
-
-Deploy a new AgentAccountV2 smart contract wallet. The wallet is deterministically addressed (CREATE2) and owned by an NFT.
+```
+Set my spend policy: $1 per transaction, $10 per day, only send to allowlisted addresses.
+```
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `token_id` | string | ✅ | NFT token ID that will own the wallet (e.g. `"1"`) |
-| `nft_contract_address` | string | ❌ | NFT contract address (defaults to `NFT_CONTRACT_ADDRESS` env) |
-| `factory_address` | string | ❌ | Factory contract address (defaults to `FACTORY_ADDRESS` env) |
+Or call `set_spend_policy` directly:
 
-**Example:**
 ```json
-// Request
-{ "token_id": "42" }
-
-// Response
 {
-  "walletAddress": "0xabc...def",
-  "txHash": "0x123...456",
-  "explorerUrl": "https://basescan.org/address/0xabc...def"
+  "tool": "set_spend_policy",
+  "arguments": {
+    "perTxCapEth": "0.0004",
+    "dailyLimitEth": "0.004",
+    "allowedRecipients": ["0xapi-provider-address..."]
+  }
 }
 ```
 
----
-
-### `get_wallet_info`
-
-Get comprehensive wallet information: address, on-chain balance, spend limits, period utilization, and pending queue depth.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `token` | string | ❌ | Token address to check budget for. Omit for ETH. |
-
-**Example:**
-```json
-// Request
-{}
-
-// Response (text)
-"📊 Agent Wallet Info
-📍 Address: 0xabc...def
-🌐 Chain: Base Mainnet
-💰 ETH Balance: 0.05 ETH
-📈 Spend Limits (ETH)
-  Per-tx limit: 0.01 ETH
-  Period limit: 0.1 ETH
-  Remaining: 0.085 ETH
-  Utilization: 15% 🟢"
-```
+Now your agent can pay for APIs — and can't spend more than $1 at a time or $10 in a day, regardless of what it's instructed to do.
 
 ---
 
-### `send_payment`
-
-Execute an ETH or ERC-20 transfer via the AgentAccountV2 contract. Subject to on-chain spend limits.
+## Human-Approval Mode (the Default)
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `to` | string | ✅ | Recipient address (0x-prefixed) |
-| `amount_eth` | string | ✅ | Amount in ETH (or token's human-readable units) |
-| `token` | string | ❌ | ERC-20 contract address. Omit for native ETH. |
-| `token_decimals` | number | ❌ | Token decimals (default: 18; use 6 for USDC) |
-| `memo` | string | ❌ | Optional memo (logged locally, not on-chain) |
+By default, transactions above your auto-approve threshold queue for human review. The agent cannot bypass this.
 
-**Example:**
-```json
-// Request
-{ "to": "0xrecipient...", "amount_eth": "0.01" }
-
-// Response
-"✅ Payment sent: 0.01 ETH → 0xrecipient...
-Tx: 0xtxhash..."
+```
+$0.50 USDC request → under $1 threshold → auto-approved → paid → result returned
+$5.00 USDC request → over $1 threshold → queued → you get notified → approve or reject
 ```
 
----
-
-### `check_spend_limit`
-
-Check the remaining spend limit for the current period for a given token.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `token` | string | ❌ | Token address (omit for ETH) |
-
----
-
-### `queue_approval`
-
-Approve or cancel a queued transaction that exceeded the per-tx cap.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `action` | string | ✅ | `"approve"` or `"cancel"` |
-| `tx_id` | string | ✅ | Queued transaction ID |
-| `token` | string | ❌ | Token address (omit for ETH) |
-
----
-
-### `x402_pay`
-
-Fetch a URL, automatically handling HTTP 402 Payment Required by paying with the Agent Wallet and retrying. Supports auto-session detection — if an active session covers the URL, no new payment is made.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `url` | string | ✅ | URL to fetch |
-| `method` | string | ❌ | HTTP method (default: `GET`) |
-| `headers` | object | ❌ | Additional request headers |
-| `body` | string | ❌ | Request body (JSON string for JSON APIs) |
-| `max_payment_eth` | string | ❌ | Max ETH to pay (rejects if exceeded) |
-| `timeout_ms` | number | ❌ | Timeout in ms (default: 30000) |
-| `skip_session_check` | boolean | ❌ | Force fresh payment even if session exists |
+To approve a queued payment:
 
-**Example:**
 ```json
-// Request
-{ "url": "https://api.example.com/data", "max_payment_eth": "0.001" }
-
-// Response
-{ "status": 200, "body": "{ ... }" }
+{
+  "tool": "queue_approval",
+  "arguments": {
+    "action": "approve",
+    "tx_id": "0x..."
+  }
+}
 ```
 
----
-
-### `get_transaction_history`
-
-Query on-chain event logs for the wallet's transaction history. Filter by event type or block range.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `limit` | number | ❌ | Max entries (default: 20, max: 100) |
-| `from_block` | string | ❌ | Start block number (hex or decimal) |
-| `to_block` | string | ❌ | End block (default: latest) |
-| `event_type` | string | ❌ | Filter: `all`, `execution`, `queued`, `approved`, `cancelled`, `policy_update`, `operator_update` |
-
----
+To reject it:
 
-### `x402_session_start`
-
-Pay once, receive a signed x402 V2 session token. Subsequent requests to the endpoint use the session token without additional payments.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `endpoint` | string | ✅ | Base URL to establish a session for |
-| `scope` | string | ❌ | `"prefix"` (default) or `"exact"` |
-| `ttl_seconds` | number | ❌ | Session lifetime in seconds (min: 60, max: 2592000) |
-| `label` | string | ❌ | Human-readable session label |
-
-**Example:**
 ```json
-// Request
-{ "endpoint": "https://api.example.com/", "ttl_seconds": 3600 }
-
-// Response
-{ "session_id": "sess_abc123", "token": "eyJ...", "expires_at": 1741000000 }
+{
+  "tool": "queue_approval",
+  "arguments": {
+    "action": "cancel",
+    "tx_id": "0x..."
+  }
+}
 ```
 
----
-
-### `x402_session_fetch`
-
-Make an HTTP call within an active session. No new payment required.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `url` | string | ✅ | URL to fetch within the session |
-| `method` | string | ❌ | HTTP method (default: `GET`) |
-| `headers` | object | ❌ | Additional headers |
-| `body` | string | ❌ | Request body |
-| `session_id` | string | ❌ | Explicit session ID (auto-detected if omitted) |
+The agent sees the outcome and decides what to do next (use cached data, ask user, abort).
 
 ---
 
-### `x402_session_status`
+## Value Packs — Three Production Workflow Patterns
 
-Inspect active sessions, TTL remaining, and call counts.
+### 1. Paid API Agent
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `session_id` | string | ❌ | Specific session to inspect (omit for all active sessions) |
-
----
+**What it does:** Finds the right paid API for a data need, pays once, caches the result.
 
-### `x402_session_end`
+**When to use it:** Your agent needs data (market data, enrichment, geocoding) and you want it to handle payment automatically rather than failing with a 402.
 
-Explicitly close and invalidate a session.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `session_id` | string | ✅ | Session ID to close |
-
----
-
-### `lookup_token`
-
-Look up a token's address, decimals, and metadata from the global token registry by symbol and chain.
+```
+Agent: "I need current options flow data for AAPL"
+  │
+  ├─ Tries free sources → insufficient data
+  ├─ Finds paid API → gets 402 for $0.25 USDC
+  ├─ Checks: $0.25 < $1 cap → auto-approved
+  ├─ Pays with x402_pay → gets data
+  ├─ Caches result at ~/.clawpowers/state/market:AAPL:options
+  └─ Returns data + payment receipt
+```
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `symbol` | string | ✅ | Token symbol (e.g. `"USDC"`, `"WETH"`) |
-| `chainId` | number | ✅ | Chain ID (e.g. `8453` for Base Mainnet) |
+**Tools used:** `x402_pay`, `check_spend_limit`, `get_transaction_history`
 
-**Example:**
-```json
-// Request
-{ "symbol": "USDC", "chainId": 8453 }
+**Example exchange:**
+```
+User: Get me the options flow for AAPL for the last 7 days.
 
-// Response
-{ "found": true, "symbol": "USDC", "address": "0x833589...", "decimals": 6, "chainId": 8453 }
+Agent: Checking free sources... insufficient. Found paid API at data.example.com.
+Cost: $0.25 USDC (under your $1 auto-approve cap). Paying now.
+[x402_pay → 200 OK, paid 0.25 USDC, tx: 0xabc...]
+Here's the options flow data: [results]
+Total cost today: $0.25 of your $10 daily budget.
 ```
 
 ---
 
-### `add_custom_token`
+### 2. Research Agent
 
-Register a custom ERC-20 token in the global registry so it can be used by `send_token`, `get_balances`, and `swap_tokens`.
+**What it does:** Gathers from free sources first, fills gaps with paid data, compiles a structured output.
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `symbol` | string | ✅ | Token symbol |
-| `address` | string | ✅ | Contract address (0x-prefixed) |
-| `decimals` | number | ✅ | Token decimal precision (0–18) |
-| `chainId` | number | ✅ | Chain ID |
-| `name` | string | ❌ | Human-readable token name |
+**When to use it:** You need a comprehensive research report and want the agent to spend money only where free data is genuinely insufficient.
 
-**Example:**
-```json
-// Request
-{ "symbol": "MYTKN", "address": "0xabc...", "decimals": 18, "chainId": 8453 }
-
-// Response
-{ "success": true, "message": "Token MYTKN registered on chain 8453" }
+```
+Agent: "Research competitive landscape for real-time flight tracking APIs"
+  │
+  ├─ Scrapes free sources (GitHub, HN, docs) → baseline data
+  ├─ Identifies gaps: pricing data, SLA guarantees, enterprise contacts
+  ├─ Proposes paid lookups totaling $2.75 USDC → presents for approval
+  ├─ Human approves
+  ├─ Pays for Apollo contact enrichment ($1.50) + Crunchbase data ($1.25)
+  └─ Compiles: free data + paid data → structured report
 ```
 
----
-
-### `list_chain_tokens`
-
-List all tokens registered in the global registry for a specific chain.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `chainId` | number | ✅ | Chain ID (e.g. `8453`) |
-
-**Example:**
-```json
-// Request
-{ "chainId": 8453 }
+**Tools used:** `x402_pay`, `x402_session_start`, `x402_session_fetch`, `check_budget`
 
-// Response
-{ "chainId": 8453, "count": 47, "tokens": [{ "symbol": "USDC", "address": "0x833589...", "decimals": 6 }, ...] }
+**Example exchange:**
 ```
+User: Research the real-time flight tracking API market. Budget up to $5.
 
----
+Agent: Starting with free sources... [scrapes 12 sources, builds baseline]
+Gaps identified:
+  - Vendor pricing (not public for 3 of 5 vendors)
+  - Contact info for enterprise sales at FlightAware
+  - Recent funding data for two startups
 
-### `send_token`
+To fill these I'd spend ~$2.75 USDC:
+  - Apollo contact enrichment: $1.50
+  - Crunchbase firmographics: $1.25
 
-Send any ERC-20 token using the symbol-based registry. Resolves address and decimals automatically.
+Approve? (y/n)
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `tokenSymbol` | string | ✅ | Token symbol (e.g. `"USDC"`) |
-| `chainId` | number | ✅ | Chain ID |
-| `recipientAddress` | string | ✅ | Recipient wallet address (0x-prefixed) |
-| `amount` | string | ✅ | Amount in human-readable units (e.g. `"10.5"`) |
+User: y
 
-**Example:**
-```json
-// Request
-{ "tokenSymbol": "USDC", "chainId": 8453, "recipientAddress": "0xrecipient...", "amount": "100" }
-
-// Response
-{ "success": true, "txHash": "0x...", "amount": "100", "token": "USDC", "recipient": "0xrecipient..." }
+Agent: [pays, fetches, compiles]
+Report ready. Spent $2.75 of your $5 budget. [structured report attached]
 ```
 
 ---
 
-### `get_balances`
+### 3. Automation Agent
 
-Get token balances for the Agent Wallet across one or more tokens on a given chain.
+**What it does:** Completes real tasks end-to-end, paying for whatever services are needed along the way.
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `chainId` | number | ✅ | Chain ID |
-| `tokens` | string[] | ❌ | Token symbols to check (omit for all registered tokens on chain) |
+**When to use it:** You want an agent that can actually finish work — book a call, run an enrichment pipeline, deploy something — not just research it.
 
-**Example:**
-```json
-// Request
-{ "chainId": 8453, "tokens": ["USDC", "WETH"] }
-
-// Response
-{ "balances": [{ "symbol": "USDC", "balance": "500.00", "decimals": 6 }, { "symbol": "WETH", "balance": "0.05", "decimals": 18 }] }
+```
+Agent: "Enrich this list of 50 leads and add to CRM"
+  │
+  ├─ Processes first 10 free (from existing data)
+  ├─ Remaining 40 need enrichment → $0.10/contact = $4.00 USDC
+  ├─ Presents plan: 40 contacts × $0.10 = $4.00 total → user approves
+  ├─ Runs enrichment in batches of 10 (staying under per-tx cap)
+  ├─ Writes enriched data to CRM via API
+  └─ Reports: 50 leads enriched, $4.00 spent, 47 successful
 ```
 
----
-
-### `swap_tokens`
+**Tools used:** `x402_pay`, `x402_session_start`, `set_spend_policy`, `get_transaction_history`
 
-Swap one ERC-20 token for another using Uniswap V3. Supported chains: Base, Arbitrum, Optimism, Polygon.
+---
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `fromSymbol` | string | ✅ | Symbol of token to sell (e.g. `"USDC"`) |
-| `toSymbol` | string | ✅ | Symbol of token to buy (e.g. `"WETH"`) |
-| `amount` | string | ✅ | Amount to sell in human-readable units |
-| `chainId` | number | ✅ | Chain ID (8453, 42161, 10, or 137) |
-| `slippageBps` | number | ❌ | Slippage in basis points (default: 50 = 0.5%) |
+## Environment Variables
 
-**Example:**
-```json
-// Request
-{ "fromSymbol": "USDC", "toSymbol": "WETH", "amount": "100", "chainId": 8453 }
-
-// Response
-{ "success": true, "txHash": "0x...", "amountIn": "100 USDC", "amountOut": "0.0412 WETH" }
+```bash
+# Required
+AGENT_PRIVATE_KEY=0x...          # Agent hot wallet key (0x-prefixed hex)
+AGENT_WALLET_ADDRESS=0x...       # Deployed AgentAccountV2 contract address
+
+# Optional
+CHAIN_ID=8453                    # 8453 = Base Mainnet (default, recommended)
+RPC_URL=https://mainnet.base.org # Custom RPC (Alchemy/Infura recommended for production)
+SESSION_TTL_SECONDS=3600         # x402 session lifetime (default: 1 hour)
+FACTORY_ADDRESS=0x...            # For deploy_wallet and create_escrow
+NFT_CONTRACT_ADDRESS=0x...       # For deploy_wallet
 ```
 
 ---
 
-### `bridge_usdc`
+## All 23 Tools
 
-Bridge USDC cross-chain using Circle's CCTP V2 protocol. Burns on source, polls Circle IRIS for attestation, mints on destination.
+### Payments & 402 Flow
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `fromChain` | string | ✅ | Source chain name (e.g. `"base"`) |
-| `toChain` | string | ✅ | Destination chain name (e.g. `"arbitrum"`) |
-| `amount` | string | ✅ | Amount of USDC in human-readable units (e.g. `"100"`) |
+| Tool | What It Does |
+|------|-------------|
+| `x402_pay` | Fetch a URL, automatically pay 402, retry — the core use case |
+| `x402_session_start` | Pay once, get reusable session token for a base URL |
+| `x402_session_fetch` | Make calls within an active session (no new payment) |
+| `x402_session_status` | Inspect active sessions and TTL |
+| `x402_session_end` | Explicitly close a session |
 
-Supported chains: `base`, `ethereum`, `optimism`, `arbitrum`, `polygon`, `avalanche`, `linea`, `unichain`, `sonic`, `worldchain`
+### Wallet & Spend Control
 
-**Example:**
-```json
-// Request
-{ "fromChain": "base", "toChain": "arbitrum", "amount": "500" }
+| Tool | What It Does |
+|------|-------------|
+| `get_wallet_info` | Address, balances, spend limits, queue depth |
+| `send_payment` | Send ETH or ERC-20 via the AgentAccountV2 contract |
+| `check_spend_limit` | Remaining spend limit for current period |
+| `set_spend_policy` | Configure daily limits, per-tx caps, recipient allowlists |
+| `check_budget` | Query on-chain remaining budget |
+| `queue_approval` | Approve or cancel a queued transaction |
+| `get_transaction_history` | On-chain event logs with filtering |
+| `deploy_wallet` | Deploy a new AgentAccountV2 smart contract wallet |
 
-// Response
-{ "success": true, "burnTxHash": "0x...", "mintTxHash": "0x...", "amount": "500 USDC" }
-```
+### Token Operations
 
----
+| Tool | What It Does |
+|------|-------------|
+| `lookup_token` | Token address + decimals by symbol and chain |
+| `add_custom_token` | Register a custom ERC-20 in the token registry |
+| `list_chain_tokens` | All registered tokens for a chain |
+| `send_token` | Send any registry token (resolves address + decimals automatically) |
+| `get_balances` | Token balances across one or more tokens |
 
-### `set_spend_policy`
+### DeFi
 
-Configure the Agent Wallet spend policy. Sets a daily limit, per-transaction cap, and optional recipient allowlist. Enforced for the lifetime of the MCP server.
+| Tool | What It Does |
+|------|-------------|
+| `swap_tokens` | Uniswap V3 swap on Base, Arbitrum, Optimism, or Polygon |
+| `bridge_usdc` | CCTP V2 cross-chain USDC bridge (10 EVM chains, ~12s) |
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `dailyLimitEth` | string | ❌ | Daily spend limit in ETH-equivalent (e.g. `"0.1"`) |
-| `perTxCapEth` | string | ❌ | Per-transaction cap in ETH-equivalent (e.g. `"0.01"`) |
-| `allowedRecipients` | string[] | ❌ | Allowlist of recipient addresses. Empty = all allowed. |
+### Identity & Trust
 
-**Example:**
-```json
-// Request
-{ "dailyLimitEth": "0.5", "perTxCapEth": "0.05", "allowedRecipients": ["0xrecipient..."] }
-
-// Response
-{ "success": true, "policy": { "dailyLimitEth": "0.5", "perTxCapEth": "0.05" } }
-```
+| Tool | What It Does |
+|------|-------------|
+| `verify_agent_identity` | ERC-8004 on-chain identity verification |
+| `get_reputation` | On-chain reputation score and history |
+| `create_escrow` | Mutual-stake USDC escrow — both parties lock collateral |
 
 ---
 
-### `check_budget`
-
-Query the on-chain remaining budget for a given spender and token.
+## Key Tool Examples
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `token` | string | ❌ | Token address (omit for ETH / zero address) |
-| `spender` | string | ❌ | Spender address (defaults to Agent Wallet address) |
+### `x402_pay` — The Core Tool
 
-**Example:**
 ```json
 // Request
-{}
+{
+  "tool": "x402_pay",
+  "arguments": {
+    "url": "https://api.example.com/premium-data",
+    "max_payment_eth": "0.0002"
+  }
+}
 
 // Response
-{ "remaining": "0.085 ETH", "spent": "0.015 ETH", "limit": "0.1 ETH", "periodEnds": "2026-03-23T00:00:00Z" }
+{ "status": 200, "body": "{ ... }" }
 ```
 
----
-
-### `verify_agent_identity`
-
-Verify an agent's on-chain identity using ERC-8004. Returns identity details including agent ID, URI, and registration file.
+If the cost exceeds `max_payment_eth`, the tool returns an error before paying — no surprise charges.
 
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `agentAddress` | string | ✅ | Agent owner address (0x-prefixed) |
+### `x402_session_start` — Pay Once for Multiple Calls
 
-**Example:**
 ```json
 // Request
-{ "agentAddress": "0xagent..." }
+{
+  "tool": "x402_session_start",
+  "arguments": {
+    "endpoint": "https://api.example.com/",
+    "ttl_seconds": 3600,
+    "label": "market-data-session"
+  }
+}
 
 // Response
-{ "found": true, "agentId": "42", "owner": "0xagent...", "uri": "ipfs://Qm...", "registrationFile": { "name": "MyAgent", "version": "1.0" } }
+{ "session_id": "sess_abc123", "token": "eyJ...", "expires_at": 1741000000 }
 ```
 
----
-
-### `get_reputation`
-
-Fetch an agent's on-chain reputation score and history.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `agentAddress` | string | ✅ | Agent address (0x-prefixed) |
-
-**Example:**
 ```json
-// Request
-{ "agentAddress": "0xagent..." }
-
-// Response
-{ "agentAddress": "0xagent...", "score": 92, "level": "trusted", "totalInteractions": 1250, "successRate": 0.98 }
+// Subsequent calls — no new payment
+{
+  "tool": "x402_session_fetch",
+  "arguments": {
+    "url": "https://api.example.com/stocks/AAPL",
+    "session_id": "sess_abc123"
+  }
+}
 ```
 
----
-
-### `create_escrow`
+### `check_budget` — Know Before You Loop
 
-Create a mutual-stake escrow vault between the Agent Wallet (buyer) and a counterparty (seller). Both parties lock collateral equal to the payment amount, ensuring aligned incentives. Uses USDC as the payment token.
-
-**Parameters:**
-| Name | Type | Required | Description |
-|---|---|---|---|
-| `counterpartyAddress` | string | ✅ | Seller/counterparty address (0x-prefixed) |
-| `stakeAmount` | string | ✅ | Payment amount in USDC (e.g. `"100"`) |
-| `terms` | string | ✅ | Human-readable escrow terms |
-| `factoryAddress` | string | ❌ | StakeVaultFactory address (defaults to `FACTORY_ADDRESS` env) |
-| `deadlineDays` | number | ❌ | Deadline in days (default: 7) |
-| `challengeWindowHours` | number | ❌ | Challenge window in hours after fulfillment (default: 24) |
-
-**Example:**
 ```json
-// Request
-{ "counterpartyAddress": "0xseller...", "stakeAmount": "100", "terms": "Deliver logo design by 2026-04-01" }
+// Request — check before starting an expensive loop
+{ "tool": "check_budget", "arguments": {} }
 
 // Response
-{ "success": true, "escrowAddress": "0xvault...", "txHash": "0x...", "deadline": "2026-03-29T00:00:00Z" }
+{
+  "remaining": "7.50 USDC",
+  "spent": "2.50 USDC",
+  "limit": "10.00 USDC",
+  "periodEnds": "2026-03-24T00:00:00Z"
+}
 ```
 
 ---
 
 ## Supported Chains
 
-| Chain | Chain ID | Features |
-|---|---|---|
-| Base Mainnet | 8453 | All features (recommended) |
-| Ethereum Mainnet | 1 | Identity, bridge, transfers |
-| Arbitrum One | 42161 | All features, swaps |
-| Optimism | 10 | All features, swaps |
-| Polygon | 137 | All features, swaps |
+| Chain | Chain ID | Recommended For |
+|-------|----------|----------------|
+| Base Mainnet | 8453 | Everything — lowest gas, most x402 activity |
+| Arbitrum One | 42161 | High-throughput swaps |
+| Optimism | 10 | Low-cost transfers |
+| Polygon | 137 | High-frequency micro-payments |
+| Ethereum Mainnet | 1 | Identity, large settlements |
 | Avalanche | 43114 | Bridge, transfers |
-| Linea | 59144 | Bridge, transfers |
-| Unichain | 1301 | Bridge, transfers |
-| Sonic | 146 | Bridge, transfers |
-| Worldchain | 480 | Bridge, transfers |
-| Base Sepolia | 84532 | Testnet — all features |
-| Arbitrum Sepolia | 421614 | Testnet — identity, transfers |
+| Linea / Unichain / Sonic / Worldchain | various | Bridge, transfers |
+| Base Sepolia | 84532 | Testing |
 
 ---
 
-## Supported Tokens
-
-AgentPay MCP ships with **100+ pre-loaded tokens** across all supported chains via `agentwallet-sdk`'s TokenRegistry. Common tokens available on every major chain include:
+## Security Model
 
-- **Stablecoins:** USDC, USDT, DAI, FRAX, LUSD
-- **Native Wrapped:** WETH, WBTC, WMATIC, WAVAX
-- **DeFi:** UNI, AAVE, LINK, CRV, LDO
-- **L2 Tokens:** cbETH, rETH, weETH, ezETH
+**Non-custodial:** The agent signs all transactions locally with its private key. No third party holds or validates keys.
 
-**Custom tokens** can be registered at runtime with `add_custom_token` and will be available to `send_token`, `get_balances`, and `swap_tokens` immediately.
+**On-chain enforcement:**
+- Per-transaction caps — over-cap transactions queue for human approval via `queue_approval`
+- Daily period limits — aggregate spending enforced by the AgentAccountV2 smart contract
+- Recipient allowlists — restrict which addresses the agent can send to
 
----
+**Role separation:**  
+The agent's signing key (`AGENT_PRIVATE_KEY`) can only transact within limits set by the wallet owner. Even if the agent's key is leaked or the agent is compromised, an attacker can only spend up to the configured cap before the next reset.
 
-## Configuration
+**x402 sessions:**  
+Session tokens are ECDSA-signed claims. Any x402 V2 server can independently verify them — no central session store required.
 
-| Env Var | Required | Default | Description |
-|---|---|---|---|
-| `AGENT_PRIVATE_KEY` | ✅ | — | Agent signing key (0x-prefixed hex). NOT the owner key. |
-| `AGENT_WALLET_ADDRESS` | ✅ | — | Deployed AgentAccountV2 contract address |
-| `CHAIN_ID` | ❌ | `8453` | Chain ID (8453 = Base Mainnet) |
-| `RPC_URL` | ❌ | Public Base RPC | Custom RPC endpoint (Alchemy, Infura, etc. recommended) |
-| `SESSION_TTL_SECONDS` | ❌ | `3600` | Default x402 session lifetime (60–2592000 seconds) |
-| `FACTORY_ADDRESS` | ❌ | — | AgentAccountFactoryV2 address (for `deploy_wallet`, `create_escrow`) |
-| `NFT_CONTRACT_ADDRESS` | ❌ | — | NFT contract address (for `deploy_wallet`) |
+**Minimal dependency footprint:**  
+AgentPay MCP has **zero LiteLLM dependency**. The entire server runs on `viem` (Ethereum client), `@modelcontextprotocol/sdk`, and a handful of auditable packages — no heavyweight LLM routing layers in the dependency tree. This matters: on March 24, 2026, LiteLLM versions 1.82.7 and 1.82.8 on PyPI were [confirmed compromised](https://github.com/berriai/litellm/issues) in a supply chain attack targeting AI agent infrastructure. Any MCP server that depends on LiteLLM (directly or transitively) was exposed. AgentPay MCP was not — because payment infrastructure should have the smallest possible attack surface.
 
 ---
 
-## Security
-
-### Non-Custodial Design
-
-AgentPay MCP is **non-custodial** — the agent signs all transactions locally with its private key. No third party holds or validates keys at any point.
+## MCP 2026 Compliance
 
-### On-Chain Spending Controls
+AgentPay MCP aligns with the emerging MCP security standards for 2026, including CoSAI (Coalition for Secure AI) threat categories and OAuth 2.1 requirements.
 
-- **Per-transaction caps** — transactions exceeding the cap are queued for human approval via `queue_approval`
-- **Daily period limits** — aggregate spending is enforced on-chain by the AgentAccountV2 contract
-- **Recipient allowlists** — restrict which addresses the agent can send to via `set_spend_policy`
+**Security posture documentation:** See [`docs/security-posture.md`](docs/security-posture.md) for the full compliance matrix covering:
 
-### Separation of Roles
+- **CoSAI T9 (Financial Fraud)** — On-chain spend caps, merchant allowlists, and human-approval gates mitigate unauthorized agent spending
+- **CoSAI T10 (Identity Spoofing)** — ERC-8004 agent identity verification + non-custodial key management prevent identity-based attacks
+- **OAuth 2.1 + PKCE** — MCP server authentication supports OAuth 2.1 with PKCE for enterprise SSO integration (Azure AD, Okta)
+- **MCP Audit Logging** — Every tool invocation logged with timestamp, parameters, outcome, and transaction hash (where applicable)
 
-The agent's signing key (`AGENT_PRIVATE_KEY`) can **only** transact within the limits set by the wallet owner. The owner (NFT holder) can:
-- Adjust spend limits without redeploying
-- Revoke the agent's operator access
-- Cancel queued transactions
-
-This means even if the agent's key is compromised, the attacker can only spend up to the configured limit.
-
-### x402 Session Tokens
-
-Session tokens are self-contained ECDSA-signed claims. Any server implementing x402 V2 can independently verify them — no central session store required.
+For enterprise security teams evaluating MCP servers: the security posture document provides the artifact your audit process needs.
 
 ---
 
@@ -695,7 +500,7 @@ Session tokens are self-contained ECDSA-signed claims. Any server implementing x
 ┌─────────────────────────────────────────┐
 │  AI Agent (Claude / Cursor / Windsurf)  │
 └────────────────┬────────────────────────┘
-                 │  MCP (stdio/SSE)
+                 │  MCP (stdio / SSE)
 ┌────────────────▼────────────────────────┐
 │           AgentPay MCP Server           │
 │  ┌────────────┐  ┌────────────────────┐ │
@@ -706,28 +511,22 @@ Session tokens are self-contained ECDSA-signed claims. Any server implementing x
 │  │       agentwallet-sdk v6.0.0       │ │
 │  │  TokenRegistry  SwapModule         │ │
 │  │  BridgeModule   ERC8004Client      │ │
-│  │  ReputationClient  MutualStake...  │ │
 │  └─────┬──────────────────────────────┘ │
 └────────┼────────────────────────────────┘
          │  viem + RPC
 ┌────────▼────────────────────────────────┐
 │  AgentAccountV2 Smart Contract          │
+│  SpendingPolicy  ·  Tx Queue            │
 │  (12 chains — Base, ETH, ARB, OP, ...)  │
 └─────────────────────────────────────────┘
 ```
 
-**MCP Transport:** The server uses `stdio` transport by default (compatible with Claude Desktop, Cursor, Windsurf, any MCP-compatible host). SSE transport is available for remote/networked deployments.
-
-**Tool Routing:** Each MCP tool call is routed to the corresponding handler in `src/tools/`. All handlers are typed with Zod schemas and return structured `{ content: [{ type: "text", text: "..." }] }` responses.
-
-**Token Resolution:** `send_token`, `get_balances`, and `swap_tokens` use the agentwallet-sdk `TokenRegistry` to resolve symbols to on-chain addresses and decimals, eliminating the need for agents to manage contract addresses manually.
+Transport: `stdio` by default (Claude Desktop, Cursor, Windsurf). SSE available for remote deployments.
 
 ---
 
 ## Contributing
 
-See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on submitting issues and pull requests.
-
 ```bash
 git clone https://github.com/up2itnow0822/agentpay-mcp
 cd agentpay-mcp
@@ -738,16 +537,16 @@ npm test
 
 ---
 
-## License
+## Patent Notice
 
-MIT © [AI Agent Economy](https://ai-agent-economy.com)
+**Patent Pending** — USPTO provisional application filed March 2026: "Non-Custodial Multi-Chain Financial Infrastructure System for Autonomous AI Agents."
 
----
+We support the open x402 standard. Our filing is defensive — to prevent hostile monopolization of open payment rails, not to restrict builders using open standards.
 
-## About
+---
 
-Built by **AI Agent Economy** — infrastructure for autonomous agent commerce.
+## License
 
-> Payment infrastructure integrated into **NVIDIA's official NeMo Agent Toolkit Examples catalog**.
+MIT © [AI Agent Economy](https://ai-agent-economy.com)
 
-**Patent Pending** — USPTO provisional application filed March 2026.
+Built by **AI Agent Economy** — infrastructure for production agent workflows.

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agentpay-mcp",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "mcpName": "io.github.up2itnow0822/agentpay",
-  "description": "AgentPay MCP Server — Non-custodial x402 payment layer for AI agents. Multi-chain wallets, spending limits, and machine-to-machine payments.",
+  "description": "AgentPay MCP Server — Non-custodial x402 payment layer for AI agents. Multi-chain wallets, spending limits, and machine-to-machine payments. Patent Pending.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
@@ -23,7 +23,7 @@
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
     "typecheck": "tsc --noEmit",
-    "lint": "eslint src/",
+    "lint": "eslint src/ tests/ --config eslint.config.mjs",
     "prepublishOnly": "npm run clean && npm run build && npm run typecheck"
   },
   "keywords": [
@@ -66,6 +66,7 @@
     "@typescript-eslint/parser": "^8.57.1",
     "@vitest/coverage-v8": "^4.0.18",
     "eslint": "^10.1.0",
+    "globals": "^17.4.0",
     "typescript": "^5.3.3",
     "typescript-eslint": "^8.57.1",
     "vitest": "^4.0.18"