pop-pay

pop-pay

Project Point One Percent - Agent Pay \[pop-pay] is a payment guardrail and one-time flow protocol specifically designed for Agentic AI (e.g., Claude Code, OpenClaw). It enables agents to handle financial transactions safely without risking unlimited exposure of human-controlled credit cards.

Category
访问服务器

README

PyPI version License: MIT CI Python 3.10+

<p align="center"> <picture> <img src="https://raw.githubusercontent.com/100xPercent/pop-pay-python/main/project_banner.png" alt="Point One Percent (AgentPay)" width="800"> </picture> </p>

Point One Percent — pop-pay

<p align="left"><i>it only takes <b>0.1%</b> of Hallucination to drain <b>100%</b> of your wallet.</i></p>

The runtime security layer for AI agent commerce. Drop-in CLI + MCP server. Card credentials are injected directly into the browser DOM via CDP — they never enter the agent's context window. One hallucinated prompt can't drain a wallet it can't see.

<p align="center"> <img src="https://raw.githubusercontent.com/100xPercent/pop-pay-python/main/assets/runtime_demo.gif" alt="Point One Percent — live CDP injection demo" width="800"> </p>

Install

Choose your preferred method:

<details> <summary>pipx — isolated global CLI</summary>

pipx install "pop-pay[mcp]"

</details>

<details> <summary>pip</summary>

pip install "pop-pay[mcp]"

</details>

<details> <summary>uv (isolated tool install)</summary>

uv tool install "pop-pay[mcp]"

</details>

<details> <summary>Extras matrix — feature flags</summary>

pip install "pop-pay"                  # core (keyword guardrail + mock provider)
pip install "pop-pay[mcp,browser]"     # CDP injection (browser automation)
pip install "pop-pay[mcp,llm]"         # LLM guardrails (OpenAI, Ollama, vLLM, OpenRouter)
pip install "pop-pay[stripe]"          # Stripe virtual card issuing
pip install "pop-pay[langchain]"       # LangChain integration
pip install "pop-pay[all]"             # everything

</details>

All install paths expose the CLI binaries: pop-launch, pop-init-vault, pop-unlock, and pop-pay (dashboard launcher).

Using Node.js / JavaScript? Check out pop-pay (npm)npm i -g pop-pay or brew install 100xpercent/tap/pop-pay. Same security model, same vault format, independent release cycle — safe to switch between runtimes.

Quick Start (CLI)

1. Initialize the encrypted credential vault

pop-init-vault

This encrypts your card credentials into ~/.config/pop-pay/vault.enc (AES-256-GCM). For stronger protection (blocks agents with shell access):

pop-init-vault --passphrase   # one-time setup
pop-unlock                     # run once per session

2. Launch Chrome with CDP remote debugging

pop-launch

Opens a Chromium instance on http://localhost:9222 that pop-pay injects credentials into. Your agent (via MCP, browser automation, or x402) then drives the checkout flow — card details never leave the browser process.

3. Open the monitoring dashboard (optional)

pop-pay

Real-time view of agent payment activity, budget utilization, and rejection logs.

4. Plug into your agent

Two supported integration paths:

  • MCP server — add pop-pay to any MCP-compatible client (Claude Code, OpenClaw). See MCP Server below.
  • Python SDK / LangChain — see Python SDK below.

MCP Server (optional)

The MCP server is invoked as a Python module and decrypts the vault at startup.

Add to your MCP client

{
  "mcpServers": {
    "pop-pay": {
      "command": "python3",
      "args": ["-m", "pop_pay.mcp_server"],
      "env": {
        "POP_CDP_URL": "http://localhost:9222"
      }
    }
  }
}

<details> <summary>Claude Code</summary>

claude mcp add pop-pay -- python3 -m pop_pay.mcp_server

With environment variables:

claude mcp add pop-pay \
  -e POP_CDP_URL=http://localhost:9222 \
  -e POP_ALLOWED_CATEGORIES='["aws","cloudflare"]' \
  -e POP_MAX_PER_TX=100.0 \
  -e POP_MAX_DAILY=500.0 \
  -e POP_GUARDRAIL_ENGINE=keyword \
  -- python3 -m pop_pay.mcp_server

</details>

<details> <summary>OpenClaw / NemoClaw</summary>

Compatible with any MCP host. See the Integration Guide for setup instructions and System Prompt templates.

</details>

<details> <summary>Docker</summary>

docker-compose up -d

Runs the MCP server + headless Chromium with CDP. Mount your encrypted vault from the host. See docker-compose.yml for configuration.

</details>

MCP Tools

Tool Description
request_virtual_card Issue a virtual card and inject credentials into the checkout page via CDP.
request_purchaser_info Auto-fill billing/contact info (name, address, email, phone).
request_x402_payment Pay for API calls via the x402 HTTP payment protocol.
page_snapshot Scan a checkout page for hidden prompt injections or anomalies.

Configuration

Core variables in ~/.config/pop-pay/.env. See ENV_REFERENCE.md for the full list.

Variable Default Description
POP_ALLOWED_CATEGORIES ["aws","cloudflare"] Approved vendor categories — see Categories Cookbook
POP_MAX_PER_TX 100.0 Max USD per transaction
POP_MAX_DAILY 500.0 Max USD per day
POP_BLOCK_LOOPS true Block hallucination/retry loops
POP_AUTO_INJECT true Enable CDP card injection
POP_GUARDRAIL_ENGINE keyword keyword (zero-cost) or llm (semantic)

Guardrail Mode

keyword (default) llm
Mechanism Keyword matching on reasoning string Semantic analysis via LLM
Cost Zero — no API calls One LLM call per request
Best for Development, low-risk workflows Production, high-value transactions

To enable LLM mode, see Integration Guide §1.

Providers

Provider Description
BYOC (default) Bring Your Own Card — encrypted vault credentials, local CDP injection.
Stripe Issuing Real virtual cards via Stripe API. Requires POP_STRIPE_KEY.
Lithic Multi-issuer adapter (Stripe Issuing / Lithic).
Mock Test mode with generated card numbers for development.

Priority: Stripe Issuing → BYOC Local → Mock.

Python SDK

Integrate pop-pay into custom Python or LangChain workflows:

from pop_pay.client import PopClient
from pop_pay.providers.stripe_mock import MockStripeProvider
from pop_pay.core.models import GuardrailPolicy

client = PopClient(
    provider=MockStripeProvider(),
    policy=GuardrailPolicy(
        allowed_categories=["API", "Cloud"],
        max_amount_per_tx=50.0,
        max_daily_budget=200.0,
    ),
)

# LangChain integration
from pop_pay.tools.langchain import PopPaymentTool
tool = PopPaymentTool(client=client, agent_id="agent-01")

See Integration Guide §2 for the full SDK and provider reference.

Security

Layer Defense
Context Isolation Card credentials never enter the agent's context window or logs
Encrypted Vault AES-256-GCM with PBKDF2 key derivation and OS keyring integration
TOCTOU Guard Domain verified at the moment of CDP injection — blocks redirect attacks
Repr Redaction Automatic masking (****-4242) in all MCP responses, logs, and tracebacks

See THREAT_MODEL.md for the full STRIDE analysis and COMPLIANCE_FAQ.md for enterprise details.

Architecture

  • Python — Core engine, MCP server, guardrail logic, CLI
  • Cython — Performance-critical vault operations and memory protection
  • Chrome DevTools Protocol — Direct DOM injection via raw WebSocket
  • SQLite — Local transaction auditing and state management

Documentation

License

MIT

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选