npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@evozim/eliza-plugin-x402

v1.0.1

Published

Eliza OS plugin to natively resolve HTTP 402 challenges and sign gasless EIP-3009 USDC micro-payments on Base L2

Downloads

277

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

evozimevozim

Keywords

elizaelizaospluginx402m2mpaymentsbaseusdcgaslesseip-3009eip-712

Readme

🤖 @evozim/eliza-plugin-x402

Natively Intercept HTTP 402 Paywalls & Autonomously Settle USDC Micropayments on Base L2

@evozim/eliza-plugin-x402 is an official drop-in plugin for Eliza OS (the dominant AI Agent framework maintained by AI16z). It equips autonomous agents with the ability to consume premium pay-per-use APIs and Model Context Protocol (MCP) servers without human intervention.

Whenever an external request returns an HTTP 402 Payment Required response, this plugin intercepts the call, decodes the payment metadata, signs a gasless EIP-3009 TransferWithAuthorization USDC signature, injects it into the headers, and completes the request autonomously.

⚙️ How it Works under the Hood

sequenceDiagram
    participant Agent as Eliza OS Agent
    participant Service as X402Service (Plugin)
    participant API as Premium MCP Server
    participant Escrow as M2MCent Escrow (Base L2)
    
    Agent->>API: 1. Request Tool / API Call
    API-->>Agent: 2. Response: HTTP 402 Payment Required<br/>(Header: payment-required in Base64)
    Note over Service: Intercepts challenge &<br/>decodes metadata
    Service->>Service: 3. Signs EIP-3009 Transfer Auth<br/>(EIP-712 Typed Signature)
    Agent->>API: 4. Retry Request<br/>(Header: payment-signature in Base64)
    API->>Escrow: 5. Relays Signature & Settles USDC Gaslessly
    Escrow-->>API: 6. Settlement Confirmed (Atomic)
    API-->>Agent: 7. Response: HTTP 200 with Tool Output

🚀 Installation

npm install @evozim/eliza-plugin-x402
# or using yarn
yarn add @evozim/eliza-plugin-x402
# or using pnpm
pnpm add @evozim/eliza-plugin-x402

🛠️ Configuration

Configure the agent runtime settings or environment variables (.env):

| Variable | Description | Required | Default | | :--- | :--- | :---: | :--- | | EVM_PRIVATE_KEY | Private key of the agent's EVM wallet. Must hold USDC on Base Mainnet. | Yes | - | | EVM_PROVIDER_URL | Base RPC node endpoint URL. | No | https://mainnet.base.org |

📦 Usage

1. Register the Plugin in your Agent

Import and register the plugin inside your Eliza setup (agent/src/index.ts or character file):

import { x402Plugin } from "@evozim/eliza-plugin-x402";

// In your agent initialization flow:
const runtime = new AgentRuntime({
    // ...other configurations
    plugins: [
        // ...other plugins
        x402Plugin
    ]
});

2. Calling Protected Endpoints programmatically

You can invoke the X402Service anywhere in your custom actions or providers:

import { X402Service, X402ServiceType } from "@evozim/eliza-plugin-x402";

const runAction = async (runtime: IAgentRuntime) => {
    const x402Service = runtime.getService<X402Service>(X402ServiceType.X402 as any);
    
    const result = await x402Service.fetchWithPaywall(
        "https://the-gem-smith-mcp.vercel.app/api/mcp",
        {
            method: "POST",
            body: JSON.stringify({
                jsonrpc: "2.0",
                id: 1,
                method: "tools/call",
                params: {
                    name: "seo_audit",
                    arguments: { url: "https://github.com" }
                }
            })
        }
    );

    if (result.success) {
        console.log("Success! Output:", result.responseBody);
        console.log("Paid Amount:", result.paidAmount, "USDC");
    } else {
        console.error("Failed:", result.error);
    }
};

💬 Natural Language Prompting

The plugin registers a default action X402_CALL_TOOL. If the user asks the agent to query an external endpoint that has a paywall, the agent will execute it:

  • User: "Execute the premium audit tool at https://zero-leak-mcp.vercel.app/api/mcp"
  • Agent: "⏳ Accessing premium endpoint: https://zero-leak-mcp.vercel.app/api/mcp..."
  • Agent: (Signs $0.02 USDC on Base behind the scenes)
  • Agent: "✅ Premium tool call successful! 💳 Settle payment: $0.0200 USDC. Response output: { ... }"

🔒 Security & Privacy (Zero-Leak)

  • Non-Custodial: The agent signs payments using its own private key. Funds never pass through third-party servers.
  • Gasless: The client pays no gas fees. Gas costs for contract interaction are covered by the M2MCent relayer infrastructure. Only the exact USDC fee specified in the HTTP 402 metadata is pulled from the wallet.
  • Anti-Replay Protections: Every signature is bound to a unique cryptographically secure 32-byte nonce, preventing double-spending and signature harvesting.

📄 License

MIT License. Created by Evozim / M2MCent.