agent-pay: buyer-side CLI tool for agent-native payments

[thisnick]

Problem

AI agents need to pay for things autonomously — cloud resources, APIs, SaaS tools, services from other agents — but have no native way to do so. The agent either gets blocked at a paywall or a human has to intervene.

agent-pay is a buyer-side CLI that handles the full payment loop: fetch descriptor → issue card → pay → submit receipt → return provisioned resource. It works against agent-charge sellers (clean API flow) and against any website with a standard checkout (browser + virtual card).

Two modes

Target	How it pays	Card needed?
agent-charge seller (has descriptor)	API: fetch descriptor → confirm PaymentIntent → POST receipt	Yes (virtual card)
Any website (standard checkout)	Browser automation: navigate → fill card form → confirm	Yes (virtual card)

The first mode is clean and instant. The second is a fallback for the real world where most sellers don't have agent-charge yet.

Prior art

ClawCard — OSS, MIT, built on Privacy.com. Handles card creation and lifecycle:

clawcard burner 25.50 -m "domain.com"  # single-use card
clawcard create -n "AI Tools" -l 50     # reusable with monthly cap

agent-pay extends this concept to: complete the full payment loop autonomously, abstract multiple card issuers, and speak the agent-pay descriptor format natively.

CLI interface

Setup (human, interactive, once)

agent-pay setup
# ? Default card issuer: (privacy / stripe-issuing / extend)
# ? API key: ••••••••
# ? Monthly budget cap (USD): 200
# ? Max per transaction (USD): 50
# ✓ Config written to ~/.agent-pay/config.json
# ✓ Verified connection — balance: $200.00

Pay an agent-charge seller (clean API flow)

# Full loop: fetch descriptor → issue card → pay → submit receipt → get resource
agent-pay charge https://myservice.com/.well-known/agent-pay.json

# Or inline descriptor (received in a conversation)
agent-pay charge '{"processor":"stripe","client_secret":"pi_abc_secret_...","amount":2900,"currency":"usd","receipt_endpoint":"https://..."}'

# stdout always JSON:
{"status":"provisioned","receipt":"pi_abc123","amount":2900,"currency":"usd","resource":{"type":"api_key","value":"sk_live_xyz"}}

Pay any website (browser automation)

# Agent navigates checkout, fills virtual card, confirms
agent-pay browse https://some-saas.com/pricing
# → opens browser → selects plan → fills card details → confirms
# {"status":"paid","receipt":"ch_abc123","amount":4900,"currency":"usd","vendor":"some-saas.com"}

Pay another agent in conversation

When a seller agent sends a payment descriptor or link mid-conversation, the buyer agent extracts it and runs:

agent-pay charge '{"processor":"stripe","client_secret":"...","amount":500}'

This works whether the descriptor came over text, email, WeChat, or any other channel. The conversation layer is separate — agent-pay just needs the descriptor.

Status

agent-pay status
# Monthly budget: $200
# Spent this month: $47.50 (23%)
# Active cards: 3
#
# Recent transactions:
#   $29.00  agent-wechat monthly    2h ago   pi_abc123
#   $12.00  OCI compute             1d ago   pi_def456
#    $5.00  API access              3d ago   pi_ghi789

Card management

agent-pay card create --amount 50 --vendor "domain.com" --type burner
# {"card_id":"card_xyz","last4":"4242","type":"burner","limit":5000}

agent-pay card list
agent-pay card close card_xyz

Internal flow of agent-pay charge

1. Fetch payment descriptor (GET url or parse inline JSON)
2. Check budget rules (monthly cap, per-tx max, blocked vendors)
3. Issue single-use virtual card via configured issuer
4. Confirm PaymentIntent with Stripe using the virtual card
5. Receive receipt (payment_intent id)
6. If receipt_endpoint present → POST receipt → receive provisioned resource
7. Return structured JSON to stdout

Config

{
  "issuers": {
    "default": "privacy",
    "privacy": {
      "api_key": "sk_..."
    },
    "stripe_issuing": {
      "api_key": "sk_..."
    },
    "extend": {
      "api_key": "sk_..."
    }
  },
  "budget": {
    "monthly_usd": 200,
    "per_transaction_max_usd": 50
  },
  "rules": {
    "blocked_vendors": [],
    "allowed_processors": ["stripe"],
    "require_approval_above_usd": 100
  }
}

Card issuer support

Issuer	Personal?	Business?	Status	Notes
Privacy.com	✅	✅	✅ v1	Best for personal/dev. ClawCard foundation.
Stripe Issuing	❌	✅	✅ v1	Best for business fleet (many agents).
Extend	❌	✅	✅ v1	Wraps existing Visa/MC/Amex — no new balance.

Pluggable issuer interface — add more over time.

Relationship to agent-charge

agent-pay and agent-charge are designed as a pair. The descriptor format (/.well-known/agent-pay.json) is the only coordination point. Either tool works independently:

• agent-pay can pay any Stripe checkout or website
• agent-charge can accept payment from any buyer with a virtual card

Implementation scope

• ~400 lines TypeScript (API flow) + browser automation module
• Dependencies: stripe, commander, node-fetch, playwright (for browse mode)
• Ships as: npm i -g agent-pay
• MCP server variant: npx agent-pay-mcp (for agents that prefer tool calls over shell)

Open questions

• Fork ClawCard or build fresh? (ClawCard is MIT licensed)
• MCP interface first-class or afterthought?
• How to handle non-Stripe processors on the seller side (Adyen, Braintree)?
• Timeout handling for slow provision hooks?
• Should agent-pay verify descriptor signatures?
• Browser automation: headless or headed? How to handle CAPTCHAs?
• Approval flow for transactions above a threshold (notify human, wait for OK)?