{"id":49820958,"url":"https://github.com/goodmeta/agent-verifier","last_synced_at":"2026-05-30T02:00:24.971Z","repository":{"id":346505696,"uuid":"1185365610","full_name":"goodmeta/agent-verifier","owner":"goodmeta","description":"Agent spending verification — budget caps, spending policies, and cross-agent budget tracking. Works with AP2, MPP, x402, or any payment rail.","archived":false,"fork":false,"pushed_at":"2026-03-24T14:43:33.000Z","size":22,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-25T07:51:20.274Z","etag":null,"topics":["agent-payments","ai-agents","ap2","mpp","spending-verification","x402"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@goodmeta/agent-verifier","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/goodmeta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-18T14:06:31.000Z","updated_at":"2026-03-24T15:12:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/goodmeta/agent-verifier","commit_stats":null,"previous_names":["goodmeta/agent-verifier"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/goodmeta/agent-verifier","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goodmeta%2Fagent-verifier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goodmeta%2Fagent-verifier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goodmeta%2Fagent-verifier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goodmeta%2Fagent-verifier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goodmeta","download_url":"https://codeload.github.com/goodmeta/agent-verifier/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goodmeta%2Fagent-verifier/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33677261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-payments","ai-agents","ap2","mpp","spending-verification","x402"],"created_at":"2026-05-13T11:00:36.524Z","updated_at":"2026-05-30T02:00:24.956Z","avatar_url":"https://github.com/goodmeta.png","language":"TypeScript","funding_links":[],"categories":["Tools \u0026 Frameworks"],"sub_categories":[],"readme":"# @goodmeta/agent-verifier\n\nImplements the [Budget Authority Protocol](https://github.com/goodmeta/agent-payments-landscape/blob/main/specs/budget-authority-protocol.md). Can this agent spend $X on Y right now? One function call.\n\n```ts\nimport { checkPolicy } from \"@goodmeta/agent-verifier\"\n\nconst result = checkPolicy(policy, {\n  agentId: \"agent-1\",\n  amount: 4500,\n  idempotencyKey: \"tx-1\",\n})\n// → { approved: true, remaining: { budget: 15500 } }\n// → { approved: false, reason: \"BUDGET_EXCEEDED\", detail: \"$45 exceeds remaining $30\" }\n```\n\nOr with the hosted verifier (cross-agent budget tracking):\n\n```ts\nimport { VerifierClient } from \"@goodmeta/agent-verifier\"\n\nconst verifier = new VerifierClient({ apiKey: \"gm_live_...\" })\nconst { approved, verificationId } = await verifier.verify(mandate, {\n  amount: \"3000\",\n  idempotencyKey: \"tx-1\",\n})\n```\n\n## Why\n\nAgents need spending limits. Without them, a runaway agent generates unlimited charges. This library answers one question before every transaction:\n\n**Is this agent authorized to spend this amount?**\n\n- **Budget caps** — $200/month, $50 max per transaction\n- **Scope restrictions** — allowed API codes, allowed customers, blocklists\n- **Cross-agent tracking** — one budget across multiple services (hosted mode)\n- **Rail-agnostic** — works with Stripe, x402, MPP, bank transfers, anything\n\n## Install\n\n```bash\nnpm install @goodmeta/agent-verifier\n```\n\n## Usage\n\n### Policy-based verification\n\nNo crypto, no signatures. Define spending rules, check against them. Good for billing systems, MCP servers, internal tools.\n\n```ts\nimport { checkPolicy, type SpendingPolicy } from \"@goodmeta/agent-verifier\"\n\nconst policy: SpendingPolicy = {\n  agentId: \"billing-agent\",\n  budgetTotal: 20_000, // $200/month\n  budgetPeriod: \"monthly\",\n  constraints: {\n    maxPerEvent: 5_000, // $50 per event\n    allowedCodes: [\"api_calls\", \"compute\"],\n  },\n}\n\n// ✅ approved\ncheckPolicy(policy, {\n  agentId: \"billing-agent\",\n  amount: 4_500,\n  idempotencyKey: \"tx-1\",\n})\n// → { approved: true, remaining: { budget: 15500, period: \"monthly\" } }\n\n// ❌ over per-event limit\ncheckPolicy(policy, {\n  agentId: \"billing-agent\",\n  amount: 6_000,\n  idempotencyKey: \"tx-2\",\n})\n// → { approved: false, reason: \"AMOUNT_EXCEEDED\", detail: \"$60.00 exceeds per-event max $50.00\" }\n\n// ❌ code not allowed\ncheckPolicy(policy, {\n  agentId: \"billing-agent\",\n  amount: 3_000,\n  metadata: { code: \"storage\" },\n  idempotencyKey: \"tx-3\",\n})\n// → { approved: false, reason: \"CODE_NOT_ALLOWED\", detail: 'Code \"storage\" not in allowed list' }\n```\n\n### AP2 mandate verification\n\nFor agents carrying [AP2](https://ap2-protocol.org/) cryptographic mandates (Google, 60+ partners). Verifies EIP-712 signatures and checks constraints.\n\n```ts\nimport {\n  verifyIntentSignature,\n  checkConstraints,\n} from \"@goodmeta/agent-verifier\"\n\n// verify the mandate signature is real\nconst sig = await verifyIntentSignature(mandate)\nif (!sig.valid) throw new Error(sig.error)\n\n// check spending constraints\nconst check = checkConstraints(mandate, {\n  amount: \"3000\",\n  merchantId: \"merchant-1\",\n})\nif (!check.valid) throw new Error(check.error)\n```\n\n### Hosted verifier\n\nWhen one agent's budget spans multiple services — Mistral AND Groq AND CoreWeave — a shared verifier tracks the total spend. Self-hosted verification can't do this because each service only sees its own transactions.\n\n```ts\nimport { VerifierClient } from \"@goodmeta/agent-verifier\"\n\nconst verifier = new VerifierClient({\n  apiKey: \"gm_live_...\",\n  baseUrl: \"https://verifier.goodmeta.co\",\n})\n\n// verify + place budget hold\nconst { approved, verificationId } = await verifier.verify(mandate, {\n  amount: \"3000\",\n  currency: \"USDC\",\n  idempotencyKey: \"order-123\",\n})\n\nif (approved) {\n  // settle via any payment rail\n  const payment = await charge(/* stripe, x402, mpp, bank */)\n\n  await verifier.settle(verificationId!, {\n    success: payment.ok,\n    transactionId: payment.id,\n    rail: \"card\",\n  })\n}\n```\n\n## API\n\n### Policy\n\n| Function | Description |\n| --- | --- |\n| `checkPolicy(policy, request, currentSpend?)` | Check a spending request against policy constraints |\n\n### AP2 mandates\n\n| Function | Description |\n| --- | --- |\n| `verifyIntentSignature(mandate)` | Verify EIP-712 signature on an Intent Mandate |\n| `verifyCartSignature(mandate)` | Verify EIP-712 signature on a Cart Mandate |\n| `checkConstraints(mandate, tx)` | Check budget, merchant, category, and temporal constraints |\n| `signIntentMandate(mandate, account)` | User signs autonomous spending authority |\n| `signCartMandate(mandate, account)` | Merchant signs price commitment |\n| `approveCartMandate(mandate, account)` | User approves a specific purchase |\n\n### Hosted verifier client\n\n| Method | Description |\n| --- | --- |\n| `verifier.verify(mandate, tx)` | Verify with full mandate object + place budget hold |\n| `verifier.verifyById(mandateId, tx)` | Verify by ID (agent passes ID, verifier has mandate on file) |\n| `verifier.settle(id, result)` | Confirm payment or release hold |\n| `verifier.getMandateState(id)` | Query budget, tx count, and history |\n\n## Related\n\n- [AP2](https://ap2-protocol.org/) — Agent payment authorization by Google (60+ partners)\n- [MPP](https://mpp.dev/) — Machine Payments Protocol by Tempo + Stripe\n- [x402](https://www.x402.org/) — HTTP-native agent payments by Coinbase\n\n## License\n\nMIT — [Good Meta](https://goodmeta.co)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoodmeta%2Fagent-verifier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoodmeta%2Fagent-verifier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoodmeta%2Fagent-verifier/lists"}