io.github.100xPercent/pop-pay

io.github.100xPercent/pop-pay·v0.5.7·Security

Quality Score

/100

Runtime security for AI agent commerce. CLI + MCP server blocks hallucinated purchases.

Repository →

§01 Install

Claude Desktop (claude_desktop_config.json)

{
  "mcpServers": {
    "pop-pay": {
      "command": "npx",
      "args": [
        "-y",
        "pop-pay"
      ],
      "env": {
        "POP_CDP_URL": "http://localhost:9222",
        "POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
        "POP_MAX_PER_TX": "100.0",
        "POP_MAX_DAILY": "500.0",
        "POP_GUARDRAIL_ENGINE": "keyword"
      }
    }
  }
}

Cursor (.cursor/mcp.json)

{
  "mcpServers": {
    "pop-pay": {
      "command": "npx",
      "args": [
        "-y",
        "pop-pay"
      ],
      "env": {
        "POP_CDP_URL": "http://localhost:9222",
        "POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
        "POP_MAX_PER_TX": "100.0",
        "POP_MAX_DAILY": "500.0",
        "POP_GUARDRAIL_ENGINE": "keyword"
      }
    }
  }
}

Cline (cline_mcp_settings.json)

npx -y pop-pay

§02 Environment variables

POP_CDP_URL

Chrome DevTools Protocol endpoint for credential injection (default: http://localhost:9222)

POP_ALLOWED_CATEGORIES

JSON array of allowed vendor categories (e.g. '["aws","cloudflare"]')

POP_MAX_PER_TX

Per-transaction spending limit in USD

POP_MAX_DAILY

Daily spending limit in USD

POP_GUARDRAIL_ENGINE

Guardrail engine: 'keyword' (offline, default) or 'llm' (requires API key)

§03 MCP Quality Score · methodology

freshness

completeness

installability

documentation

stability

§04 Alternatives in Security

Helixar Security

ai.helixar/mcp

Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.

ai.smithery/Nekzus-npm-sentinel-mcp

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

app.zenable/zenable

Zenable cleans up sloppy AI code and prevents vulnerabilities with deterministic guardrails