npm - agentpay-mcp - Versions diffs - 4.0.1 → 4.0.2 - Mend

agentpay-mcp 4.0.1 → 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +63 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -35,6 +35,26 @@ When 88% of enterprises have had an agent security incident, "trust by default"
 ---
+## Why Cost Governance Matters for MCP Agents
+The Model Context Protocol gives agents access to powerful tools — but the protocol itself has no built-in mechanism for controlling what those tools cost. This isn't a theoretical gap. WorkOS's 2026 guide to MCP security explicitly identifies **rate limiting, cost attribution, and per-call spend caps** as unsolved problems at the MCP protocol level. Every MCP server can charge. No MCP client enforces budgets.
+The result: an agent with access to 10 MCP servers can accumulate unbounded costs across sessions, with no standard way to attribute spend per tool, cap exposure per call, or halt runaway loops before they drain a wallet.
+AgentPay MCP closes this gap at the infrastructure layer:
+| MCP Cost Governance Gap | AgentPay MCP Solution |
+|---|---|
+| No per-call spend caps in the MCP spec | **On-chain per-transaction caps** — enforced by smart contract, not application logic |
+| No cost attribution across MCP servers | **Full transaction history** with merchant, amount, timestamp, and tool context per call |
+| No rate limiting for paid tool invocations | **Daily aggregate spend limits** — hard ceiling regardless of how many tools or sessions run |
+| No human oversight mechanism in the protocol | **Human-in-the-loop approval** — transactions above threshold queue for explicit human review |
+| No simulation/dry-run for cost estimation | **Simulation mode** — preview transaction cost and recipient before committing funds |
+If you're building agents that interact with paid APIs, MCP spend limits and MCP cost governance aren't optional — they're the difference between a demo and a production deployment. AgentPay MCP is the open-source reference implementation for solving this at the protocol's edge.
+---
 ## Security & Dependencies
 AgentPay MCP is built for enterprise MCP deployments where supply chain security matters.
@@ -545,6 +565,49 @@ We support the open x402 standard. Our filing is defensive — to prevent hostil
 ---
+## x402 Ecosystem — 75M+ Transactions, Cloudflare Native Support
+agentpay-mcp is built on the [x402 HTTP payment standard](https://x402.org), which has now processed **75M+ transactions on Base mainnet** — primarily through Coinbase Agentic Wallets and developer integrations.
+**Cloudflare has added native x402 support** to its Agents SDK and MCP server runtime, meaning any Cloudflare Worker-hosted agent can now make x402 payments natively. Google, Circle, and Stripe are all actively integrating x402 into their agent ecosystems.
+agentpay-mcp is the **open-source governance layer** on top of this infrastructure: while x402 handles the payment protocol, agentpay-mcp adds the trust controls that production agents require — HITL approval queues, spend caps, recipient allowlists, and on-chain audit trails.
+| x402 Ecosystem | Status |
+|---|---|
+| Base mainnet transactions | 75M+ |
+| Cloudflare Agents SDK | ✅ Native support |
+| Cloudflare MCP servers | ✅ Native support |
+| Coinbase Agentic Wallets | ✅ Primary client |
+| Google / Circle / Stripe | 🔄 Active integration |
+| agentpay-mcp governance layer | ✅ Open-source |
+---
+## EU AI Act Compliance
+**Enforcement deadline: August 2, 2026.** AI systems that execute or facilitate financial transactions are classified as **high-risk** under EU AI Act Annex III. High-risk classification requires:
+- ✅ **Human oversight mechanisms** — mandatory human review and override capability
+- ✅ **Transparency and explainability** — auditable transaction records
+- ✅ **Access controls** — spend limits that cannot be bypassed by the agent
+- ✅ **Technical documentation** — conformity assessment support
+agentpay-mcp satisfies all four requirements out of the box:
+| Requirement | agentpay-mcp Feature |
+|---|---|
+| Human oversight | `queue_approval` — transactions above threshold require explicit human approval before execution |
+| Audit trail | `get_transaction_history` — full on-chain event log, immutable, verifiable on basescan.org |
+| Spend controls | `set_spend_policy` — per-tx caps and daily limits enforced at the smart contract layer |
+| Scope restriction | Recipient allowlists — agent cannot send to unapproved addresses regardless of instructions |
+European enterprises deploying agent systems that touch payments have **~150 days** to implement compliant human oversight and audit controls. agentpay-mcp is the fastest path to EU AI Act compliance for MCP-compatible agent deployments.
+> **Fines for non-compliance:** Up to €35M or 7% of global annual revenue. Germany published its national enforcement bill in February 2026.
+---
 ## License
 MIT © [AI Agent Economy](https://ai-agent-economy.com)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agentpay-mcp",
-  "version": "4.0.1",
+  "version": "4.0.2",
   "mcpName": "io.github.up2itnow0822/agentpay",
   "description": "AgentPay MCP Server — Non-custodial x402 payment layer for AI agents. Multi-chain wallets, spending limits, and machine-to-machine payments. Patent Pending.",
   "main": "dist/index.js",