mcp-server-agentpay 1.0.4 → 1.0.5

package/README.md

@@ -61,7 +61,7 @@ You get $1 in free credits to start.
 Use `fund_wallet_stripe` — returns a checkout URL for a human to complete.
 
 ### x402 USDC (fully autonomous)
-Use `fund_wallet_x402` — returns endpoint, network, and instructions for autonomous USDC payments via the x402 protocol. No human needed.
+Use `fund_wallet_x402` — returns endpoint, network, and instructions for autonomous USDC payments via the x402 protocol on Base mainnet. No human needed.
 
 ## Credit Packages
 

package/SKILL.md

@@ -0,0 +1,112 @@
+---
+name: agentpay
+description: "Payment gateway for autonomous AI agents — discover, provision, and pay for MCP tool APIs with a single gateway key. Use when building agents that need to pay for API calls, integrating metered billing into MCP workflows, setting up agent wallets, or working with the AgentPay gateway (Stripe + x402 USDC funding). Triggers on: agent payments, tool marketplace, metered billing, agent wallet, gateway key, AgentPay, pay-per-call, autonomous funding, x402, agent economy."
+---
+
+# AgentPay — Payment Gateway for AI Agents
+
+One key, every tool. Agents discover, provision, and pay for tool APIs through a single gateway — no per-service accounts or auth.
+
+## Quick Setup
+
+### Add MCP Server
+
+```bash
+claude mcp add agentpay -- npx -y mcp-server-agentpay
+```
+
+Or in `~/.claude/settings.json`:
+
+```json
+{
+  "mcpServers": {
+    "agentpay": {
+      "command": "npx",
+      "args": ["-y", "mcp-server-agentpay"],
+      "env": {
+        "AGENTPAY_GATEWAY_KEY": "apg_your_key_here"
+      }
+    }
+  }
+}
+```
+
+### Register
+
+```bash
+curl -X POST https://agentpay.metaltorque.dev/gateway/register \
+  -H "Content-Type: application/json" \
+  -d '{"email": "you@example.com"}'
+```
+
+Returns `apg_` key + $1 free credits.
+
+## MCP Tools
+
+| Tool | Purpose |
+|------|---------|
+| `discover_tools` | Search tools by keyword |
+| `list_tools` | List all tools with pricing |
+| `check_balance` | Wallet balance and provisioned tools |
+| `call_tool` | Call any tool method (auto-provisions, metered) |
+| `provision_tool` | Pre-provision access (optional) |
+| `get_usage` | Call history with costs |
+| `fund_wallet_stripe` | Stripe checkout URL (human pays) |
+| `fund_wallet_x402` | x402 USDC funding (fully autonomous) |
+| `x402_info` | x402 payment details |
+
+## Workflow
+
+1. **Register** → get `apg_` key + $1 free
+2. **Fund** → Stripe (human) or x402 USDC (autonomous)
+3. **Discover** → search tools by capability
+4. **Call** → gateway handles auth + billing
+
+## Calling Tools
+
+```
+call_tool(tool: "agent-audit", method: "security_scan", params_json: '{"url": "example.com"}')
+```
+
+Response: `[Cost: $0.50 | Balance: $9.50 | Time: 1200ms]` + tool result.
+
+## Credit Packages
+
+| Package | Price | Credits |
+|---------|-------|---------|
+| micro | $10 | 10 |
+| small | $45 | 50 |
+| medium | $80 | 100 |
+| large | $350 | 500 |
+| whale | $600 | 1,000 |
+
+## Autonomous Funding (x402 USDC)
+
+For fully autonomous operation without human intervention:
+
+```javascript
+import { wrapFetchWithPayment } from "@x402/fetch";
+const res = await fetchWithPayment(endpoint, {
+  method: "POST",
+  headers: { "X-Gateway-Key": key }
+});
+```
+
+Requires: `npm install @x402/fetch @x402/evm` + `EVM_PRIVATE_KEY` env var.
+
+## Environment Variables
+
+| Variable | Required | Default |
+|----------|----------|---------|
+| `AGENTPAY_GATEWAY_KEY` | Yes | — |
+| `AGENTPAY_URL` | No | `https://agentpay.metaltorque.dev` |
+
+## For Tool Providers
+
+Register tools on the marketplace — see `references/api_reference.md` for developer endpoints, SDK usage, and enterprise features.
+
+## Links
+
+- npm: `mcp-server-agentpay`
+- GitHub: `github.com/joepangallo/agent-pay`
+- MCP Registry: `io.github.joepangallo/agent-pay`

package/index.js

@@ -10,7 +10,20 @@ const { version } = require("./package.json");
 // ── Config ──────────────────────────────────────────────────────────
 
 const GATEWAY_KEY = process.env.AGENTPAY_GATEWAY_KEY || "";
-const BASE_URL = (process.env.AGENTPAY_URL || "https://agentpay.metaltorque.dev").replace(/\/$/, "");
+const ALLOWED_HOSTS = ["agentpay.metaltorque.dev", "localhost", "127.0.0.1"];
+const rawUrl = (process.env.AGENTPAY_URL || "https://agentpay.metaltorque.dev").replace(/\/$/, "");
+const parsedHost = new URL(rawUrl).hostname;
+if (!ALLOWED_HOSTS.includes(parsedHost)) {
+  console.error(`[agentpay] SECURITY: AGENTPAY_URL host "${parsedHost}" not in allowlist. Refusing to start.`);
+  console.error(`[agentpay] Allowed: ${ALLOWED_HOSTS.join(", ")}. Override with caution.`);
+  process.exit(1);
+}
+const BASE_URL = rawUrl;
+
+// ── Session spending cap ────────────────────────────────────────────
+
+const SESSION_BUDGET = Number(process.env.AGENTPAY_SESSION_BUDGET) || 25; // $25 default
+let sessionSpent = 0;
 
 // ── HTTP helper ─────────────────────────────────────────────────────
 
@@ -141,7 +154,7 @@ server.tool(
 
 server.tool(
   "call_tool",
-  "Call any tool method through the AgentPay gateway. Automatically provisions access on first use. Credits are deducted per call. Use discover_tools or list_tools first to see available tools and methods.",
+  "Call any tool method through the AgentPay gateway. Automatically provisions access on first use. Credits are deducted per call (real money). Use discover_tools or list_tools first to see available tools and methods. IMPORTANT: Each call costs real credits. Only call when explicitly instructed by the user.",
   {
     tool: z.string().describe("Tool ID (e.g. 'agent-audit', 'indexforge')"),
     method: z.string().describe("Method name (e.g. 'security_scan', 'scan_sitemap')"),
@@ -149,6 +162,12 @@ server.tool(
   },
   async ({ tool, method, params_json }) => {
     if (!GATEWAY_KEY) return noKeyError();
+
+    // Session spending cap
+    if (sessionSpent >= SESSION_BUDGET) {
+      return { content: [{ type: "text", text: `Session budget exhausted ($${sessionSpent.toFixed(2)}/$${SESSION_BUDGET}). Restart the MCP server or increase AGENTPAY_SESSION_BUDGET to continue.` }] };
+    }
+
     try {
       let params = {};
       if (params_json) {
@@ -156,8 +175,9 @@ server.tool(
       }
       const result = await request("POST", "/gateway/call", { tool, method, params }, 600_000);
       const cost = Number(result.cost) || 0;
+      sessionSpent += cost;
       const balance = Number(result.balance) || 0;
-      const meta = `[Cost: $${cost.toFixed(2)} | Balance: $${balance.toFixed(2)} | Time: ${result.elapsed || 0}ms]`;
+      const meta = `[Cost: $${cost.toFixed(2)} | Balance: $${balance.toFixed(2)} | Session: $${sessionSpent.toFixed(2)}/$${SESSION_BUDGET} | Time: ${result.elapsed || 0}ms]`;
       return {
         content: [{ type: "text", text: `${meta}\n\n${JSON.stringify(result.result, null, 2)}` }],
       };
@@ -228,7 +248,7 @@ server.tool(
 
 server.tool(
   "fund_wallet_x402",
-  "Get x402 crypto funding info for your wallet. Returns the endpoint URL, network, and setup instructions. To actually pay, your HTTP client needs @x402/fetch which automatically handles the 402 payment flow with USDC. This is the fully autonomous funding method — no human needed.",
+  "Get x402 crypto funding info for your wallet. Returns the endpoint URL, network, and setup instructions. IMPORTANT: This spends real USDC on Base mainnet. Only call when explicitly instructed by the user. To actually pay, your HTTP client needs @x402/fetch which automatically handles the 402 payment flow.",
   {
     package: z.enum(["micro", "small", "medium", "large", "whale"]).describe("Credit package: micro ($10/10cr), small ($45/50cr), medium ($80/100cr), large ($350/500cr), whale ($600/1000cr)"),
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-server-agentpay",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "mcpName": "io.github.joepangallo/agent-pay",
   "description": "MCP server for AgentPay — the payment gateway for autonomous AI agents. Lets agents discover, provision, and pay for MCP tool APIs with a single gateway key.",
   "bin": {
@@ -44,8 +44,8 @@
     "url": "https://github.com/joepangallo/agent-pay"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.27.0",
-    "zod": "^3.23.0"
+    "@modelcontextprotocol/sdk": "1.27.0",
+    "zod": "3.24.2"
   },
   "engines": {
     "node": ">=18"
@@ -53,6 +53,7 @@
   "files": [
     "index.js",
     "README.md",
+    "SKILL.md",
     "server.json",
     "package.json"
   ]