{"id":48798909,"url":"https://github.com/100xpercent/pop-pay","last_synced_at":"2026-04-14T01:00:38.024Z","repository":{"id":349650849,"uuid":"1202822142","full_name":"100xPercent/pop-pay","owner":"100xPercent","description":"The runtime security layer for AI agent commerce","archived":false,"fork":false,"pushed_at":"2026-04-11T05:21:59.000Z","size":1683,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-11T05:33:47.620Z","etag":null,"topics":["ai-agent","guardrail","mcp","mcp-server","payment","security"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/100xPercent.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-06T12:43:45.000Z","updated_at":"2026-04-11T03:44:04.000Z","dependencies_parsed_at":null,"dependency_job_id":"1589c356-d2f6-4059-a783-1cd11b0a577c","html_url":"https://github.com/100xPercent/pop-pay","commit_stats":null,"previous_names":["tpemist/pop-pay","100xpercent/pop-pay"],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/100xPercent/pop-pay","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/100xPercent%2Fpop-pay","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/100xPercent%2Fpop-pay/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/100xPercent%2Fpop-pay/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/100xPercent%2Fpop-pay/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/100xPercent","download_url":"https://codeload.github.com/100xPercent/pop-pay/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/100xPercent%2Fpop-pay/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31777348,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-14T00:11:49.126Z","status":"ssl_error","status_checked_at":"2026-04-14T00:10:29.837Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agent","guardrail","mcp","mcp-server","payment","security"],"created_at":"2026-04-14T01:00:25.316Z","updated_at":"2026-04-14T01:00:38.018Z","avatar_url":"https://github.com/100xPercent.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![npm version](https://img.shields.io/npm/v/pop-pay.svg)](https://www.npmjs.com/package/pop-pay) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![CI](https://github.com/100xPercent/pop-pay/actions/workflows/ci.yml/badge.svg)](https://github.com/100xPercent/pop-pay/actions/workflows/ci.yml) [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D18-339933?logo=node.js\u0026logoColor=white)](https://nodejs.org/)\n\n\u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n        \u003cimg src=\"https://raw.githubusercontent.com/100xPercent/pop-pay-python/main/project_banner.png\" alt=\"Point One Percent (AgentPay)\" width=\"800\"\u003e\n    \u003c/picture\u003e\n\u003c/p\u003e\n\n# Point One Percent — pop-pay\n\u003cp align=\"left\"\u003e\u003ci\u003eit only takes \u003cb\u003e0.1%\u003c/b\u003e of Hallucination to drain \u003cb\u003e100%\u003c/b\u003e of your wallet.\u003c/i\u003e\u003c/p\u003e\n\nThe runtime security layer for AI agent commerce. Drop-in CLI + MCP server. Card credentials are injected directly into the browser DOM via CDP — they never enter the agent's context window. One hallucinated prompt can't drain a wallet it can't see.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/100xPercent/pop-pay-python/main/assets/runtime_demo.gif\" alt=\"Point One Percent — live CDP injection demo\" width=\"800\"\u003e\n\u003c/p\u003e\n\n## Install\n\nChoose your preferred method:\n\n\u003cdetails\u003e\n\u003csummary\u003eHomebrew (macOS)\u003c/summary\u003e\n\n```bash\nbrew install 100xpercent/tap/pop-pay\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ecurl (Linux / macOS) — bootstraps via npm; requires Node.js 18+\u003c/summary\u003e\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/100xPercent/pop-pay/main/install.sh | sh\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003enpm (global)\u003c/summary\u003e\n\n```bash\nnpm install -g pop-pay\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003enpx (no install — one-off runs)\u003c/summary\u003e\n\n```bash\nnpx -y pop-pay \u003ccommand\u003e\n```\n\n\u003c/details\u003e\n\nAll install paths expose the same binaries: `pop-pay`, `pop-launch`, `pop-init-vault`, `pop-unlock`.\n\n\u003e Also available as `@100xpercent/mcp-server-pop-pay` — identical package under the MCP `@scope/mcp-server-\u003cname\u003e` convention. Tracks the same version on every release.\n\n\u003e **Using Python?** Check out [pop-pay-python](https://github.com/100xPercent/pop-pay-python) — `pip install pop-pay`. Same security model, same vault format, independent release cycle — safe to switch between runtimes.\n\n## Quick Start (CLI)\n\n### 1. Initialize the encrypted credential vault\n```bash\npop-pay init-vault\n```\n\nThis encrypts your card credentials into `~/.config/pop-pay/vault.enc` (AES-256-GCM). For stronger protection (blocks agents with shell access):\n\n```bash\npop-pay init-vault --passphrase   # one-time setup\npop-pay unlock                     # run once per session\n```\n\n### 2. Launch Chrome with CDP remote debugging\n```bash\npop-pay launch\n```\n\nThis opens a Chromium instance on `http://localhost:9222` that pop-pay injects credentials into. Your agent (via MCP, browser automation, or x402) then drives the checkout flow — card details never leave the browser process.\n\n### 3. Plug into your agent\nThe CLI launches infrastructure; the actual payment tool calls come from your agent. Two supported paths:\n\n- **MCP server** — add pop-pay to any MCP-compatible client (Claude Code, Cursor, Windsurf, OpenClaw). See [MCP Server](#mcp-server-optional) below.\n- **x402 HTTP** — pay for API calls via the [x402 payment protocol](docs/INTEGRATION_GUIDE.md#x402).\n\nFull CLI reference: `pop-pay --help`.\n\n## MCP Server (optional)\n\n### Add to your MCP client\n\nStandard config for any MCP-compatible client:\n\n```json\n{\n  \"mcpServers\": {\n    \"pop-pay\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"pop-pay\", \"launch-mcp\"],\n      \"env\": {\n        \"POP_CDP_URL\": \"http://localhost:9222\"\n      }\n    }\n  }\n}\n```\n\n[\u003cimg src=\"https://img.shields.io/badge/VS_Code-VS_Code?style=flat-square\u0026label=Install%20MCP%20Server\u0026color=0098FF\" alt=\"Install in VS Code\"\u003e](https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522pop-pay%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522-y%2522%252C%2522pop-pay%2522%252C%2522launch-mcp%2522%255D%252C%2522env%2522%253A%257B%2522POP_CDP_URL%2522%253A%2522http%253A%252F%252Flocalhost%253A9222%2522%257D%257D) [\u003cimg alt=\"Install in VS Code Insiders\" src=\"https://img.shields.io/badge/VS_Code_Insiders-VS_Code_Insiders?style=flat-square\u0026label=Install%20MCP%20Server\u0026color=24bfa5\"\u003e](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522pop-pay%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522-y%2522%252C%2522pop-pay%2522%252C%2522launch-mcp%2522%255D%252C%2522env%2522%253A%257B%2522POP_CDP_URL%2522%253A%2522http%253A%252F%252Flocalhost%253A9222%2522%257D%257D) [\u003cimg src=\"https://img.shields.io/badge/Cursor-Cursor?style=flat-square\u0026label=Install%20MCP%20Server\u0026color=5C2D91\" alt=\"Install in Cursor\"\u003e](cursor://anysphere.cursor-deeplink/mcp/install?name=pop-pay\u0026config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsInBvcC1wYXkiLCJsYXVuY2gtbWNwIl0sImVudiI6eyJQT1BfQ0RQX1VSTCI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTIyMiJ9fQ==)\n\n\u003cdetails\u003e\n\u003csummary\u003eClaude Code\u003c/summary\u003e\n\nClaude Code uses its own CLI — the JSON config above is not needed.\n\n```bash\nclaude mcp add --scope user pop-pay -- npx -y pop-pay launch-mcp\n```\n\n`--scope user` makes it available across all projects. To remove: `claude mcp remove pop-pay`\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eCursor / Windsurf / VS Code\u003c/summary\u003e\n\nAdd the JSON config above to:\n- **Cursor**: `~/.cursor/mcp.json`\n- **Windsurf**: `~/.codeium/windsurf/mcp_config.json`\n- **VS Code (Copilot)**: `.vscode/mcp.json` in project root\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eOpenClaw / NemoClaw\u003c/summary\u003e\n\nOpenClaw has its own CLI — the JSON config above is not needed.\n\n```bash\nopenclaw mcp add pop-pay -- npx -y pop-pay launch-mcp\n```\n\nOr add to `~/.openclaw/mcp_servers.json` using the JSON config above.\n\nFor System Prompt templates and NemoClaw sandbox setup, see [Integration Guide §4](./docs/INTEGRATION_GUIDE.md).\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eDocker\u003c/summary\u003e\n\n```bash\ndocker-compose up -d\n```\n\nRuns the MCP server + headless Chromium with CDP. Mount your encrypted vault from the host.\n\n\u003c/details\u003e\n\n## MCP Tools\n\n| Tool | Description |\n|:---|:---|\n| `request_virtual_card` | Issue a virtual card and inject credentials into the checkout page via CDP. Automatically scans the page for hidden prompt injections. |\n| `request_purchaser_info` | Auto-fill billing/contact info (name, address, email, phone). Automatically scans the page for hidden prompt injections. |\n| `request_x402_payment` | Pay for API calls via the x402 HTTP payment protocol. |\n\n\u003e **Tip for Claude Code users:** Add the following to your project's `CLAUDE.md` to help the agent know when to call pop-pay:\n\u003e *\"When you encounter a payment form or checkout page, use the `request_virtual_card` tool. For billing/contact info forms, use `request_purchaser_info` first.\"*\n\n## Configuration\n\nCore variables in `~/.config/pop-pay/.env`. See [ENV_REFERENCE.md](./docs/ENV_REFERENCE.md) for the full list.\n\n| Variable | Default | Description |\n|---|---|---|\n| `POP_ALLOWED_CATEGORIES` | `[\"aws\",\"cloudflare\"]` | Approved vendor categories — see [Categories Cookbook](./docs/CATEGORIES_COOKBOOK.md) |\n| `POP_MAX_PER_TX` | `100.0` | Max USD per transaction |\n| `POP_MAX_DAILY` | `500.0` | Max USD per day |\n| `POP_BLOCK_LOOPS` | `true` | Block hallucination/retry loops |\n| `POP_AUTO_INJECT` | `true` | Enable CDP card injection |\n| `POP_GUARDRAIL_ENGINE` | `keyword` | `keyword` (zero-cost) or `llm` (semantic) |\n\n### Guardrail Mode\n\n| | `keyword` (default) | `llm` |\n|---|---|---|\n| **Mechanism** | Keyword matching on reasoning string | Semantic analysis via LLM |\n| **Cost** | Zero — no API calls | One LLM call per request |\n| **Best for** | Development, low-risk workflows | Production, high-value transactions |\n\n\u003e To enable LLM mode, see [Integration Guide §1](./docs/INTEGRATION_GUIDE.md#guardrail-mode-configuration).\n\n## Providers\n\n| Provider | Description |\n|:---|:---|\n| **BYOC** (default) | Bring Your Own Card — encrypted vault credentials, local CDP injection. |\n| **Stripe Issuing** | Real virtual cards via Stripe API. Requires `POP_STRIPE_KEY`. |\n| **Lithic** | Multi-issuer adapter (Stripe Issuing / Lithic). |\n| **Mock** | Test mode with generated card numbers for development. |\n\n**Priority:** Stripe Issuing → BYOC Local → Mock.\n\n## Security\n\n| Layer | Defense |\n|---|---|\n| **Context Isolation** | Card credentials never enter the agent's context window or logs |\n| **Encrypted Vault** | AES-256-GCM with XOR-split salt and native scrypt key derivation (Rust) |\n| **TOCTOU Guard** | Domain verified at the moment of CDP injection — blocks redirect attacks |\n| **Repr Redaction** | Automatic masking (`****-4242`) in all MCP responses, logs, and tracebacks |\n\nSee [THREAT_MODEL.md](./docs/THREAT_MODEL.md) for the full STRIDE analysis and [COMPLIANCE_FAQ.md](./docs/COMPLIANCE_FAQ.md) for enterprise details.\n\n## Architecture\n\n- **TypeScript** — MCP server, CDP injection engine, guardrails, CLI\n- **Rust (napi-rs)** — Native security layer: XOR-split salt storage, scrypt key derivation\n- **Node.js crypto** — AES-256-GCM vault encryption (OpenSSL binding)\n- **Chrome DevTools Protocol** — Direct DOM injection via raw WebSocket\n\n## Documentation\n\n- [Threat Model](docs/THREAT_MODEL.md) — STRIDE analysis, 5 security primitives, 10 attack scenarios\n- [Guardrail Benchmark](docs/GUARDRAIL_BENCHMARK.md) — 95% accuracy across 20 test scenarios\n- [Compliance FAQ](docs/COMPLIANCE_FAQ.md) — PCI DSS, SOC 2, GDPR details\n- [Environment Reference](docs/ENV_REFERENCE.md) — All POP_* environment variables\n- [Integration Guide](docs/INTEGRATION_GUIDE.md) — Setup for Claude Code, Node.js SDK, and browser agents\n- [Categories Cookbook](docs/CATEGORIES_COOKBOOK.md) — POP_ALLOWED_CATEGORIES patterns and examples\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F100xpercent%2Fpop-pay","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F100xpercent%2Fpop-pay","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F100xpercent%2Fpop-pay/lists"}