AgentPass -- Secure MCP for Regulated Finance. MCPS + Agent Identity for the Agent Economy. IETF Draft
AgentPass · Agent payments

Any agent. Any rail.
One pass.

Rapid payment integration supporting any payment flow or standard. AgentPass sits between your agent and the payment rail -- signing identity, scoring trust, screening sanctions, and shaping the request into whatever the rail wants. Works with x402, AP2, ACP, MPP, Mastercard Agent Pay, Visa TAP, Stripe, and L402.

See 60-second demo Integrate in 10 lines
McKinsey projects $3T--$5T of global agentic commerce value by 2030 and up to $1T of US retail revenue directed by agents. Someone has to verify every one of those payments.
Linux Foundation x402 ready AP2 Mandate compatible Visa TAP signature compatible Mastercard sandbox integrated OWASP MCP Top 10 contributor IETF draft-sharif-* Cited in academic research (arXiv)

The architecture of autonomous agent trust

One trust layer. Any transport. Any payment rail.

The architecture of autonomous agent trust: interaction and settlement layer (MCP, WebMCP, A2A, REST, CLI audited by xat), unified payment gateways (Stripe, L402, x402, ACP, MPP, TAP, Agent Pay), validation and trust layer (x-agent-trust ECDSA P-256, AP2 Mandates, Visa TAP, ERC-8004), and AgentPass Trust Scores (L0-L4: AML, sanctions, velocity).
Secure Agent Identity x-agent-trust (ECDSA P-256, AP2 Mandates, Visa TAP, ERC-8004) Audited Transport MCP, WebMCP, A2A, REST, CLI -- all signed by xat Unified Payment Gateways Stripe, L402, x402, ACP, MPP, TAP, Agent Pay AgentPass Trust Scores L0--L4, graded on AML, sanctions, transaction velocity

No token tax per payment

MCP-native payment servers burn the context window on every transaction. AgentPass doesn't.

30-tool payment MCP
Expensive
3,705tokens schema floor
  • 30 tools: create_quote, confirm_payment_intent, capture, refund, dispute, customer CRUD, transfer, payout, subscription, webhook_verify, sanctions, KYC, velocity, risk, flag review
  • Full JSON schema re-injected on every hop
  • Real payment flows are multi-hop (quote → confirm → capture ≈ 11,115 tokens)
  • Tool-selection accuracy collapses as menu grows
$333 / month at 1,000 payments/day (Sonnet)1
AgentPass
16× smaller schema · ~48× effective
230tokens schema floor
  • One tool: agentpass_pay(rail, to, amount, currency)
  • Agent signs once with x-agent-trust (ECDSA, zero tokens)
  • Trust + sanctions + AML + rail settlement all run in deterministic code
  • Single call -- LLM never re-enters the loop
$21 / month at the same volume (saves $313)
The principle
AI belongs in the decision layer -- "should I authorise this payment?" After the agent signs, the payment rail is execution layer: deterministic code, zero tokens, full audit trail from the signature. This is Armin Ronacher's "code is the tool" pattern applied to money.
Numbers measured with tiktoken cl100k_base against a realistic 30-tool payment MCP and our 1-tool agentpass_pay. On Claude Opus ($15/MTok input) all figures x5: $1,667 / month vs $104 / month. Reproducible: github.com/cybersecai-uk/agentpass-demo-mcp/tree/main/benchmark.
1 3,705 tokens x 1,000 req/day x 30 days ÷ 1,000,000 x $3 ≈ $333. Agent payment flows that span multiple tool hops (quote -> confirm -> capture) multiply the 30-tool figure by the number of hops, giving an effective ~48x advantage at the payment-flow level.

Every credible agent payment rail

One adapter. One interface. One key pair.

Click-to-pay, for agents

Pick a rail. Pick an agent. Watch AgentPass gate the payment in real time with live sanctions and Mastercard risk scoring.

Integrate in 10 lines

One npm install. One function call. Your payments never touch our servers.

🔒
AgentPass is a library, not a payment processor.
ECDSA signing, sanctions screening, trust scoring, and rail payloads all run inside your infrastructure. We never see your transactions. BSL 1.1.
$ npm install @cybersecai-uk/agentpass-sdk

import { AgentPass } from '@cybersecai-uk/agentpass-sdk';

const ap = new AgentPass({ agentId, privateKey, publicKey });

const receipt = await ap.pay({
  rail: 'x402',
  to: 'acme-cloud-services',
  amount: 2500,
  currency: 'USD'
});

// Signed locally. Screened locally. Scored locally. Settled on rail.
// Never touches agentpass.co.uk.

Switch x402 for stripe / acp / ap2 / mpp / mastercard / visa-tap / l402 / mcp. Everything else stays the same.

Three ways to run AgentPass

SDKrecommended
Library in your process
  • Signs, screens, scores -- all local, zero network
  • 10 rail adapters bundled
  • npm / PyPI / Rust
  • BSL 1.1 · $0 dev-only, per-seat for production
For fintechs, banks, PSPs -- your payments stay in your VPC.
Self-hostedenterprise
Docker, runs on your infra
  • Same code as the SDK, wrapped as a microservice
  • Licence key enforced, air-gap friendly
  • Includes dashboards, audit logs, key management
  • BSL 1.1 · annual site licence
For regulated deployments with dedicated security + IAM.
Hosted APIdev / demo
Call agentpass.co.uk directly
  • Fastest zero-to-working path
  • Same endpoints as self-hosted
  • Rate-limited free tier, usage-based paid
  • Not recommended for production payment flows
For indie agent devs, hackathons, and this landing page demo.
Prefer a hosted HTTP call for quick evaluation? Expand. 
POST https://agentpass.co.uk/api/rails/x402/pay
Authorization: Bearer ap_live_...
Agent-Signature: keyId="...",alg="ES256",ts="...",sig="..."
Content-Type: application/json

{ "agentId": "agent_12345", "to": "acme-cloud-services", "amount": 2500, "currency": "USD" }

→ 201 { "rail":"x402", "trust":{"score":88,"level":"L3"}, "settlement":{...}, "auditTrail":{"signedBy":"x-agent-trust"} }

For fintech production traffic, use the SDK path above -- your transactions never leave your infrastructure.